- Description
- jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Other affected methods are html and addSvgAsImage. The vulnerability was fixed in jsPDF 3.0.1.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 8.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- security-advisories@github.com
- CWE-400
- Hype score
- Not currently trending
[CVE-2025-29907: HIGH] Critical security vulnerability in jsPDF library prior to version 3.0.1 allowed CPU utilization and denial of service through unsanitized image URLs. Update to version 3.0.1 to patch this f...#cybersecurity,#vulnerability https://t.co/9iu0zVkkBj https://t.c
@CveFindCom
18 Mar 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-29907 jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of … https://t.co/3NUa8eAAeD
@CVEnew
18 Mar 2025
229 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes