Vulnerability Description
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results in out-of-memory errors and denial of service. Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation. The `html` method is also affected. The vulnerability has been fixed in jsPDF 4.2.0. As a workaround, sanitize image data or URLs before passing them to the `addImage` method or one of the other affected methods.
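The workaround above, as an added example that is not jsPDF's or the advisory's own code: a pre-check that reads only the GIF header's logical screen width and height and rejects oversized dimensions before the data reaches `addImage`. The limits, the `sampleGifHeader` helper and the data-URL decoder are assumptions for illustration.

```javascript
// Added example (not jsPDF's own code): check a GIF's header dimensions before
// handing it to addImage. GIF87a/GIF89a: 6-byte signature, then logical screen
// width and height as little-endian uint16 at offsets 6-7 and 8-9. Limits are
// hypothetical policy values an application tunes to its own memory budget.
const MAX_DIMENSION = 8192;          // assumed per-axis limit (pixels)
const MAX_PIXELS = 16 * 1024 * 1024; // assumed total-pixel limit

function parseGifHeader(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length < 10) return null;
  const sig = String.fromCharCode(...bytes.subarray(0, 6));
  if (sig !== 'GIF87a' && sig !== 'GIF89a') return null;
  return { width: bytes[6] | (bytes[7] << 8), height: bytes[8] | (bytes[9] << 8) };
}

// Returns { ok: true, width, height } or { ok: false, reason } without
// decoding any pixel data, so nothing large is allocated during the check.
function checkGifForAddImage(bytes) {
  const hdr = parseGifHeader(bytes);
  if (!hdr) return { ok: false, reason: 'not a GIF87a/GIF89a header' };
  if (hdr.width === 0 || hdr.height === 0) {
    return { ok: false, reason: 'zero width or height' };
  }
  if (hdr.width > MAX_DIMENSION || hdr.height > MAX_DIMENSION) {
    return { ok: false, reason: `dimension exceeds ${MAX_DIMENSION}` };
  }
  if (hdr.width * hdr.height > MAX_PIXELS) {
    return { ok: false, reason: `pixel count exceeds ${MAX_PIXELS}` };
  }
  return { ok: true, width: hdr.width, height: hdr.height };
}

// Decodes a "data:image/gif;base64,..." string (a form addImage commonly
// receives) to bytes; Node's Buffer is assumed for base64 decoding.
function gifDataUrlToBytes(dataUrl) {
  const prefix = 'data:image/gif;base64,';
  if (typeof dataUrl !== 'string' || !dataUrl.startsWith(prefix)) return null;
  return new Uint8Array(Buffer.from(dataUrl.slice(prefix.length), 'base64'));
}

// Constructed sample: a bare 13-byte GIF89a header with the given dimensions,
// used only to exercise the check (it is not a complete image).
function sampleGifHeader(width, height) {
  const b = new Uint8Array(13);
  b.set([0x47, 0x49, 0x46, 0x38, 0x39, 0x61]); // "GIF89a"
  b[6] = width & 0xff; b[7] = (width >> 8) & 0xff;
  b[8] = height & 0xff; b[9] = (height >> 8) & 0xff;
  return b;
}
```

Run the check on the raw bytes (or the decoded data URL) and only call `addImage` when `ok` is true; the same gate applies before `html` where it renders images.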
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Parall | Jspdf | < 4.2.0 |
Related Weaknesses (CWE)
References
- https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md (Exploit, Third Party Advisory)
- https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e (Patch)
- https://github.com/parallax/jsPDF/releases/tag/v4.2.0 (Release Notes)
- https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj (Vendor Advisory)
FAQ
What is CVE-2026-25535?
CVE-2026-25535 is a vulnerability with a CVSS score of 7.5 (HIGH). jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitize...
How severe is CVE-2026-25535?
CVE-2026-25535 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-25535?
Check the references section above for vendor advisories and patch information. Affected products include: Parall Jspdf.