{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25535", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-02T19:59:47.374Z", "datePublished": "2026-02-19T14:34:05.648Z", "dateUpdated": "2026-02-19T16:03:26.484Z"}, "containers": {"cna": {"title": "jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj"}, {"name": "https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6", "tags": ["x_refsource_MISC"], "url": "https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6"}, {"name": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md", "tags": ["x_refsource_MISC"], "url": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md"}, {"name": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0"}], "affected": [{"vendor": "parallax", "product": "jsPDF", "versions": [{"version": "< 4.2.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-19T14:34:05.648Z"}, "descriptions": [{"lang": "en", "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation. Other affected methods are: `html`. The vulnerability has been fixed in jsPDF 4.2.0. As a workaround, sanitize image data or URLs before passing it to the addImage method or one of the other affected methods."}], "source": {"advisory": "GHSA-67pg-wm7f-q7fj", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-19T16:03:04.920714Z", "id": "CVE-2026-25535", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T16:03:26.484Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25535", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-19T16:03:04.920714Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T16:03:09.356Z"}}], "cna": {"title": "jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions", "source": {"advisory": "GHSA-67pg-wm7f-q7fj", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "parallax", "product": "jsPDF", "versions": [{"status": "affected", "version": "< 4.2.0"}]}], "references": [{"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj", "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6", "name": "https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md", "name": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0", "name": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation. Other affected methods are: `html`. The vulnerability has been fixed in jsPDF 4.2.0. As a workaround, sanitize image data or URLs before passing it to the addImage method or one of the other affected methods."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-19T14:34:05.648Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25535", "state": "PUBLISHED", "dateUpdated": "2026-02-19T16:03:26.484Z", "dateReserved": "2026-02-02T19:59:47.374Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-19T14:34:05.648Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:parall:jspdf:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "7EACE56E-B77C-421B-AAFE-F5FD3C80FE94", "versionEndExcluding": "4.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation. Other affected methods are: `html`. The vulnerability has been fixed in jsPDF 4.2.0. As a workaround, sanitize image data or URLs before passing it to the addImage method or one of the other affected methods."}], "id": "CVE-2026-25535", "lastModified": "2026-02-23T19:13:18.717", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-19T15:16:12.130", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}, {"lang": "en", "value": "CWE-770"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "jsPDF: denial of service via malicious GIF dimensions", "id": "2440992", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440992"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-770", "details": ["A flaw was found in jsPDF. The addImage and html methods accept user input in their first argument without proper sanitization. An attacker can supply a specially crafted GIF file, specifically with invalid width and height header values, forcing the application to allocate an excessive amount of memory, leading to an out-of-memory condition, causing an application crash and denial of service."], "mitigation": {"lang": "en:us", "value": "To mitigate this vulnerability, sanitize image data or validate resources fetched from URLs before calling the addImage and html methods, making sure that the width and height header values do not exceed safe and predefined limits."}, "name": "CVE-2026-25535", "package_state": [{"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Affected", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}], "public_date": "2026-02-19T14:34:05Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-25535\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-25535\nhttps://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md\nhttps://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6\nhttps://github.com/parallax/jsPDF/releases/tag/v4.2.0\nhttps://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj"], "statement": "To exploit this flaw, an attacker must be able to process a specially crafted GIF file with an application using the addImage and html methods. This issue can cause the application to allocate an excessive amount of memory, eventually resulting in a denial of service with no other security impact. Due to this reason, this vulnerability has been rated with an important severity.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.2.0)"}}], "enrichment": {"confidence": 92.0, "confidence_source": "matching", "scores": [{"score": 92.0, "source": "matching"}]}, "original": {"product": "jsPDF", "source": "cna", "vendor": "parallax"}, "product": "jspdf", "vendor": "parall"}], "analysis": {"en": {"generated_at": "2026-04-17T18:06:51.970957+00:00", "value": {"mitigation_remediation": ["Upgrade jsPDF to version 4.2.0 or later to apply the official patch.", "Sanitize or validate all image data before passing it to addImage or html, and enforce reasonable limits on width and height values.", "Remove or restrict the use of user\u2011supplied image URLs or data in the application until the library is updated or the input is properly validated."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected product is jsPDF, developed by parallax. All releases prior to version 4.2.0 are vulnerable. The vulnerability affects the addImage and html methods and applies to both client\u2011side and server\u2011side JavaScript deployments. If an application accepts user\u2011supplied image URLs or data that is passed to these methods, it is exposed to this denial\u2011of\u2011service condition.", "description_and_impact": "jsPDF is a JavaScript library for generating PDFs. This vulnerability involves the misuse of width and height values in GIF headers when they are passed to the addImage method. An attacker can supply a malicious GIF with unusually large dimensions, causing jsPDF to attempt excessive memory allocation that eventually exhausts the process memory and stops the application. The result is a denial of service that compromises application availability. The weakness is categorized as CWE\u2011400 (Resource Exhaustion) and CWE\u2011770 (Out\u2011of\u2011Bound Resource Access).", "risk_and_exploitability": "The CVSS score of 8.7 indicates high severity. The EPSS score is below 1\u202f%, indicating a very low but non\u2011zero probability of exploitation in the wild. The vulnerability is not listed in CISA\u2019s KEV catalog. An attacker needs the ability to supply image data or URLs to addImage or html, which is often allowed in web applications that process user content; no elevated privileges or authentication are required. The vendor\u2019s commit history shows the issue was fixed in version 4.2.0, but until an upgrade or mitigation is applied, user\u2011controlled images can trigger memory exhaustion remotely. "}}}}, "created": "2026-02-20T10:06:43.027519+00:00", "updated": "2026-04-17T18:15:26.773776+00:00", "vendors": ["parall", "parall$PRODUCT$jspdf"]}