jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder
- Severity: High
Description
User control of the first argument of the addImage method results in Denial of Service.
If a user is able to pass unsanitized image data or URLs to the addImage method, they can provide a harmful BMP file that causes out-of-memory errors and denial of service.
Recommendation
Update the jspdf package to the latest compatible version. Version details:
- Affected version(s): <= 4.0.0
- Patched version(s): 4.1.0
References
Related Issues
- Cube Core is vulnerable to Denial of Service (DoS) via crafted request - CVE-2026-25957
- jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions - CVE-2026-25535
- Parse Server has Denial of Service (DoS) and Cloud Function Dispatch Bypass via Prototype Chain Resolution - CVE-2026-30939
- Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig - CVE-2026-25639
- Tags: npm, jspdf
Last updated on February 03, 2026