CVE-2026-25535 (GCVE-0-2026-25535)

Vulnerability from cvelistv5 – Published: 2026-02-19 14:34 – Updated: 2026-06-30 12:06
VLAI?
Title
jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions
Summary
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation. Other affected methods are: `html`. The vulnerability has been fixed in jsPDF 4.2.0. As a workaround, sanitize image data or URLs before passing it to the addImage method or one of the other affected methods.
CWE
  • CWE-400 - Uncontrolled Resource Consumption
  • CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
Impacted products
Vendor Product Version
parallax jsPDF Affected: < 4.2.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25535",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-19T16:03:04.920714Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-19T16:03:26.484Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-02-19T14:34:05.648Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in jsPDF. The addImage and html methods accept user input in their first argument without proper sanitization. An attacker can supply a specially crafted GIF file, specifically with invalid width and height header values, forcing the application to allocate an excessive amount of memory, leading to an out-of-memory condition, causing an application crash and denial of service."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-770",
                "description": "Allocation of Resources Without Limits or Throttling",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T12:06:34.040Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-25535"
          },
          {
            "name": "RHBZ#2440992",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440992"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25535.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7110"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7128"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:7110: Red Hat Advanced Cluster Security for Kubernetes 4.8"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:7128: Red Hat Advanced Cluster Security for Kubernetes 4.9"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-02-19T15:01:17.455Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-02-19T14:34:05.648Z",
            "value": "Made public."
          }
        ],
        "title": "jsPDF: denial of service via malicious GIF dimensions",
        "workarounds": [
          {
            "lang": "en",
            "value": "To mitigate this vulnerability, sanitize image data or validate resources fetched from URLs before calling the addImage or html methods, making sure that the width and height header values do not exceed safe and predefined limits."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jsPDF",
          "vendor": "parallax",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation. Other affected methods are: `html`. The vulnerability has been fixed in jsPDF 4.2.0. As a workaround, sanitize image data or URLs before passing it to the addImage method or one of the other affected methods."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-19T14:34:05.648Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj"
        },
        {
          "name": "https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6"
        },
        {
          "name": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md"
        },
        {
          "name": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0"
        }
      ],
      "source": {
        "advisory": "GHSA-67pg-wm7f-q7fj",
        "discovery": "UNKNOWN"
      },
      "title": "jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-25535",
    "datePublished": "2026-02-19T14:34:05.648Z",
    "dateReserved": "2026-02-02T19:59:47.374Z",
    "dateUpdated": "2026-06-30T12:06:34.040Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"jsPDF: denial of service via malicious GIF dimensions\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.8::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security for Kubernetes 4.8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.9::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security for Kubernetes 4.9\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-02-19T15:01:17.455Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-02-19T14:34:05.648Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:7110: Red Hat Advanced Cluster Security for Kubernetes 4.8\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7128: Red Hat Advanced Cluster Security for Kubernetes 4.9\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-02-19T14:34:05.648Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-25535\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2440992\", \"name\": \"RHBZ#2440992\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25535.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7110\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7128\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"To mitigate this vulnerability, sanitize image data or validate resources fetched from URLs before calling the addImage or html methods, making sure that the width and height header values do not exceed safe and predefined limits.\"}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in jsPDF. The addImage and html methods accept user input in their first argument without proper sanitization. An attacker can supply a specially crafted GIF file, specifically with invalid width and height header values, forcing the application to allocate an excessive amount of memory, leading to an out-of-memory condition, causing an application crash and denial of service.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-06-30T02:45:36.967Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-25535\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-19T16:03:04.920714Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-19T16:03:09.356Z\"}}], \"cna\": {\"title\": \"jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions\", \"source\": {\"advisory\": \"GHSA-67pg-wm7f-q7fj\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"parallax\", \"product\": \"jsPDF\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 4.2.0\"}]}], \"references\": [{\"url\": \"https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj\", \"name\": \"https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6\", \"name\": \"https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md\", \"name\": \"https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/parallax/jsPDF/releases/tag/v4.2.0\", \"name\": \"https://github.com/parallax/jsPDF/releases/tag/v4.2.0\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation. Other affected methods are: `html`. The vulnerability has been fixed in jsPDF 4.2.0. As a workaround, sanitize image data or URLs before passing it to the addImage method or one of the other affected methods.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-02-19T14:34:05.648Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-25535\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-30T02:45:36.967Z\", \"dateReserved\": \"2026-02-02T19:59:47.374Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-02-19T14:34:05.648Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…