CVE-2026-24133

216.73.217.22

· Published 02/02/2026 23:16 · Modified 03/02/2026 16:44

Labels: CVE-2026-24133 2026-02-02 CVE-2026-24133 CWE-770 [email protected]

Essential information

Published: 02/02/2026 23:16
Modified: 03/02/2026 16:44
Author: —
Creator: —
CVSS: 8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP files have large width and/or height entries in their headers, which lead to excessive memory allocation. The html method is also affected. The vulnerability has been fixed in [email protected].

NVD status

Status: Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
jspdf / jspdf	`cpe:2.3:a:jspdf:jspdf:<4.1.0:::::::*`