parallax jsPDF
cpe:2.3:a:parall:jspdf:*:*:*:*:node.js:*:*
- <= 3.0.0
A denial-of-service vulnerability has been identified in jsPDF versions prior to 3.0.1. The issue arises in the 'addImage' method, where user-controlled image URLs can be passed without proper sanitization. This allows the injection of harmful data URLs that cause excessive CPU usage, leading to a denial-of-service condition. Similar vulnerabilities exist in the 'html' and 'addSvgAsImage' methods.
Exploitation of this vulnerability causes high CPU utilization, creating a denial-of-service condition.
To reproduce this vulnerability, use jsPDF version 3.0.0 or earlier. Pass a crafted data URL as the first argument to the 'addImage' method. The data URL should be designed to exploit the regular expression processing, such as by including repeated patterns that cause excessive backtracking. Once the image is added, the CPU usage will spike, demonstrating the denial-of-service effect.
Upgrade to jsPDF version 3.0.1 or later. If upgrading is not possible, sanitize image URLs before passing them to the 'addImage' method or any other affected methods.
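One way to do the sanitization described above when upgrading is not possible, as an added example that is not part of jsPDF or of this advisory. The function name `checkImageDataUrl`, the size limits and the type allowlist are assumptions; the check uses no regular expressions, so its cost stays linear in the input length.

```javascript
// Added example, not jsPDF code. The limits and allowlist below are assumptions.
const MAX_LENGTH = 5 * 1024 * 1024; // cap on the whole string, in characters
const MAX_HEADER = 64;              // cap on everything before the first comma
const ALLOWED_TYPES = new Set(["image/png", "image/jpeg", "image/webp"]);

function isBase64Char(c) {
  return (c >= 65 && c <= 90) || (c >= 97 && c <= 122) || // A-Z, a-z
         (c >= 48 && c <= 57) || c === 43 || c === 47;    // 0-9, "+", "/"
}

// Returns { ok, reason }. Uses no regular expressions, so the cost is one
// bounded pass over the input regardless of its content.
function checkImageDataUrl(input) {
  const fail = (reason) => ({ ok: false, reason });
  if (typeof input !== "string") return fail("not a string");
  if (input.length > MAX_LENGTH) return fail("too long");
  if (!input.startsWith("data:")) return fail("not a data URL");

  // Only look for the comma inside the bounded header window.
  const comma = input.slice(0, MAX_HEADER + 1).indexOf(",");
  if (comma === -1) return fail("bad header");

  // The header must be exactly "<type>;base64" with an allowlisted type.
  const parts = input.slice(5, comma).toLowerCase().split(";");
  if (parts.length !== 2 || parts[1] !== "base64") return fail("bad header");
  if (!ALLOWED_TYPES.has(parts[0])) return fail("type not allowed");

  // Payload: non-empty, length a multiple of 4, at most two "=" at the end.
  const start = comma + 1;
  const length = input.length - start;
  if (length === 0 || length % 4 !== 0) return fail("bad payload");
  let end = input.length;
  while (input.length - end < 2 && end > start &&
         input.charCodeAt(end - 1) === 61) end--;
  for (let i = start; i < end; i++) {
    if (!isBase64Char(input.charCodeAt(i))) return fail("bad payload");
  }
  return { ok: true, reason: "ok" };
}

// Constructed sample inputs (not taken from the advisory).
const samples = ["data:image/png;base64,iVBORw0KGgo=",
                 "data:image/svg+xml;base64,AAAA",
                 "data:image/png;base64,AA*A"];
for (const s of samples) console.log(s, "->", checkImageDataUrl(s).reason);
```

Call it on every string before it reaches 'addImage' and reject anything that does not return `ok: true`. It covers values passed directly to 'addImage'; input to the 'html' and 'addSvgAsImage' methods needs its own handling.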