Primary

Context

pdfmake Allocation of Resources Without Limits Vulnerability Leading to Denial-of-Service

Vulnerability

Patched

A denial-of-service vulnerability has been identified in the pdfmake package, specifically in versions prior to 0.3.0-beta.17. This issue arises from a lack of proper throttling, allowing an attacker to cause the application to crash or become unresponsive. The vulnerability can be exploited by embedding files with URLs that redirect repeatedly, overwhelming the application's resource handling.

Impact

Exploitation of this vulnerability can cause the application to crash or become unresponsive, leading to a denial-of-service condition.

Remediation

Users are advised to upgrade pdfmake to version 0.3.0-beta.17 or higher.

Added: Oct 7, 2025, 5:17 AM

Updated: Oct 7, 2025, 5:17 AM

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.6

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.6

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

pdfmake Allocation of Resources Without Limits Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

bpampuch pdfmake

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating