parallax jsPDF
cpe:2.3:a:parall:jspdf:*:*:*:*:node.js:*:*
- <= 3.0.1
A denial-of-service vulnerability has been identified in jsPDF versions prior to 3.0.2. The issue arises in the addImage method, where user control of the first argument allows the introduction of unsanitized image data or URLs. This can lead to high CPU utilization and prolonged processing times. The vulnerability can be exploited by providing a harmful PNG file, which causes the library to enter a long-running loop, effectively freezing the application.
Exploitation of this vulnerability leads to significant CPU usage, causing the application to become unresponsive for an extended period.
To reproduce this vulnerability, upload a corrupt PNG file through the addImage method of jsPDF. This can be done by creating a Uint8Array that represents the harmful PNG data and passing it to the addImage method. The operation will take a noticeable amount of time, demonstrating the denial-of-service effect.
Users are advised to upgrade to jsPDF version 3.0.2 or later, where this vulnerability has been fixed. In the patched version, invalid PNG files are properly handled by throwing an error instead of causing excessive CPU usage.
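As an added example (not code from jsPDF or from this advisory), the following structural pre-check can be run on untrusted PNG bytes before they are passed to addImage, as defense in depth alongside the upgrade. The names checkPng and crc32 and the limits MAX_BYTES and MAX_DIM are assumptions chosen for illustration; the check does not decompress image data and is not claimed to detect the specific malformed file behind this issue.

```javascript
// Added example: structural pre-check for untrusted PNG bytes (not jsPDF code).
const SIG = [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a];
const MAX_BYTES = 5 * 1024 * 1024; // assumed size cap; tune per application
const MAX_DIM = 8192;              // assumed width/height cap

// Standard CRC-32 as used by PNG chunks (bitwise variant, no lookup table).
function crc32(bytes) {
  let c = 0xffffffff;
  for (const b of bytes) {
    c ^= b;
    for (let k = 0; k < 8; k++) c = (c >>> 1) ^ (0xedb88320 & -(c & 1));
  }
  return (c ^ 0xffffffff) >>> 0;
}

// Walks the chunk list once; returns { ok: true } or { ok: false, reason }.
function checkPng(u8) {
  if (!(u8 instanceof Uint8Array)) return { ok: false, reason: "not a Uint8Array" };
  if (u8.length > MAX_BYTES) return { ok: false, reason: "too large" };
  if (u8.length < 8 || !SIG.every((b, i) => u8[i] === b)) return { ok: false, reason: "bad signature" };
  const dv = new DataView(u8.buffer, u8.byteOffset, u8.byteLength);
  let off = 8, first = true, sawIdat = false;
  while (off + 12 <= u8.length) {
    const len = dv.getUint32(off);
    const end = off + 12 + len; // 4 length + 4 type + data + 4 CRC
    if (len > 0x7fffffff || end > u8.length) return { ok: false, reason: "chunk length out of bounds" };
    const type = String.fromCharCode(...u8.subarray(off + 4, off + 8));
    // The CRC covers the chunk type and data, not the length field.
    if (crc32(u8.subarray(off + 4, off + 8 + len)) !== dv.getUint32(end - 4)) return { ok: false, reason: "bad CRC in " + type };
    if (first) {
      if (type !== "IHDR" || len !== 13) return { ok: false, reason: "IHDR missing or malformed" };
      const w = dv.getUint32(off + 8), h = dv.getUint32(off + 12);
      if (w === 0 || h === 0 || w > MAX_DIM || h > MAX_DIM) return { ok: false, reason: "bad dimensions" };
      first = false;
    }
    if (type === "IDAT") sawIdat = true;
    if (type === "IEND") {
      if (len !== 0 || end !== u8.length || !sawIdat) return { ok: false, reason: "malformed IEND or missing IDAT" };
      return { ok: true };
    }
    off = end; // always advances by at least 12 bytes, so the loop terminates
  }
  return { ok: false, reason: "truncated: no IEND" };
}
```

Call checkPng on the Uint8Array and reject the upload when ok is false, so only structurally sound files reach addImage; the work is bounded by MAX_BYTES because each byte is visited once.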