jsPDF Parsing of Corrupt PNGs Leads to Potential Denial of...

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2.

Basic Information

ID CVE-2025-57810

Source GitHub_M

Published Aug 26, 2025 at 15:37

Modified Aug 26, 2025 at 15:58

Affected Product

Vendor parallax

Product jsPDF

Version < 3.0.2

Affected Versions parallax jsPDF < 3.0.2

CWE Classification

CWE-20 CWE-770

References

{
    "lastseen": "",
    "description": "jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2.",
    "published": "2025-08-26T15:37:28.071Z",
    "modified": "2025-08-26T15:58:25.184Z",
    "type": "cve",
    "title": "jsPDF Parsing of Corrupt PNGs Leads to Potential Denial of Service (DoS)",
    "source": "GitHub_M",
    "references": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw\nhttps://github.com/parallax/jsPDF/pull/3880\nhttps://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9\nhttps://github.com/parallax/jsPDF/releases/tag/v3.0.2",
    "id": "CVE-2025-57810",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20",
        "CWE-770"
    ],
    "cvelist": null,
    "sourceData": "parallax jsPDF < 3.0.2",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "jsPDF",
    "version": "< 3.0.2",
    "vendor": "parallax",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

jsPDF Parsing of Corrupt PNGs Leads to Potential Denial of Service (DoS)_CVE-2025-57810