216.73.216.75

CVE-2025-29907

· Published 18/03/2025 19:15 · Modified 18/03/2025 19:15

Labels: CVE-2025-29907 2025-03-18CVE-2025-29907CWE-400[email protected]

Essential information

Published
18/03/2025 19:15
Modified
18/03/2025 19:15
Author
Creator
CISA KEV
No
CWE

Description

jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Other affected methods are html and addSvgAsImage. The vulnerability was fixed in jsPDF 3.0.1.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
parallax / jspdf cpe:2.3:a:parallax:jspdf:*:*:*:*:*:*:*:*

References