PT-2025-34787 · Jspdf · Jspdf

Aleksey Solovev · Published 2025-08-26 · Updated 2025-08-26 · CVE-2025-57810

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: jsPDF versions prior to 3.0.2
Description: jsPDF is a JavaScript library used to generate PDFs. Prior to version 3.0.2, user control over the first argument of the addImage method can lead to high CPU utilization and denial of service. Providing unsanitized image data or URLs to the addImage method allows a user to supply a malicious PNG file, resulting in excessive CPU usage and a denial-of-service condition.
Recommendations: Update to jsPDF version 3.0.2 or later.

Exploit

Fix

DoS

Infinite Loop

Allocation of Resources Without Limits

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-11395
CVE-2025-57810
GHSA-8MVJ-3J78-4QMW

Affected Products

Jspdf