PT-2025-40963 · Pdfmake · Pdfmake
Ryusei Ishikawa · Published 2025-10-07 · Updated 2025-10-20 · CVE-2025-11362
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
pdfmake versions prior to 0.3.0-beta.17
Description
The software is susceptible to a denial-of-service condition due to unrestricted resource allocation. This occurs when processing crafted input that repeatedly redirects URLs during file embedding, potentially leading to application crashes or unresponsiveness.
Recommendations
Update to version 0.3.0-beta.17 or later.
Fix · DoS · Allocation of Resources Without Limits
Affected Products
Pdfmake