CVE-2026-25535
Undergoing Analysis Undergoing Analysis - In Progress
Denial of Service via Unsanitized Image Data in jsPDF

Publication date: 2026-02-19

Last updated on: 2026-02-23

Assigner: GitHub, Inc.

Description
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation. Other affected methods are: `html`. The vulnerability has been fixed in jsPDF 4.2.0. As a workaround, sanitize image data or URLs before passing it to the addImage method or one of the other affected methods.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-19
Last Modified
2026-02-23
Generated
2026-06-16
AI Q&A
2026-02-19
EPSS Evaluated
2026-06-14
NVD
CVE-2026-25535
EUVD
EUVD-2026-8095
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
parall jspdf to 4.2.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the jsPDF library versions prior to 4.2.0, specifically in the addImage method and other affected methods like html. It occurs because user input controls the first argument of the addImage method without proper sanitization.

If an attacker provides a harmful GIF file with very large width and/or height values in its headers, this causes the library to allocate excessive memory, leading to out of memory errors and denial of service.

The issue has been fixed in jsPDF version 4.2.0. Until then, the recommended workaround is to sanitize image data or URLs before passing them to the addImage or other affected methods.

Impact Analysis

This vulnerability can lead to a denial of service condition in applications using vulnerable versions of jsPDF.

By passing specially crafted harmful GIF files with large dimensions, an attacker can cause the application to consume excessive memory, potentially crashing or becoming unresponsive.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, upgrade jsPDF to version 4.2.0 or later where the issue is fixed.

As a workaround, sanitize image data or URLs before passing them to the addImage method or other affected methods such as html.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25535. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart