Denial of Service Vulnerability in jsPDF Library from Parallax
CVE-2025-57810
8.7 HIGH
What is CVE-2025-57810?
The jsPDF library, used for generating PDFs in JavaScript, has a vulnerability where unsanitized image data passed to the addImage method can lead to high CPU utilization and denial of service. This happens when a user is allowed to input their own image data or URLs, potentially including harmful PNG files. The issue was addressed in version 3.0.2, providing a secure way to handle image inputs and preventing abuse of CPU resources.
Affected Version(s)
jsPDF < 3.0.2
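An added example, not code from the jsPDF project or from this advisory: a structural pre-check that an application accepting user-supplied PNG bytes can run before the data reaches addImage. The names checkPng, chunk and samplePng, the size and dimension limits, and the sample bytes are assumptions; the advisory does not say which PNG property causes the CPU load, so the check only rejects non-binary input (such as URLs) and malformed or oversized files.

```javascript
// Added example: structural pre-check for PNG bytes before doc.addImage().
// Limits below are assumptions; tune them for your application.
const MAX_BYTES = 5 * 1024 * 1024; // assumed upload cap
const MAX_DIMENSION = 8192;        // assumed per-side pixel cap
const PNG_SIGNATURE = [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a];

// Returns null when the bytes look like a well-formed PNG, else a reason string.
function checkPng(bytes) {
  if (!(bytes instanceof Uint8Array)) return "not binary data"; // rejects URLs/strings
  if (bytes.length > MAX_BYTES) return "file too large";
  if (bytes.length < 8 || !PNG_SIGNATURE.every((b, i) => bytes[i] === b)) return "bad signature";
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  let offset = 8;
  let first = true;
  while (offset + 12 <= bytes.length) {
    const length = view.getUint32(offset); // big-endian chunk data length
    const type = String.fromCharCode(...bytes.subarray(offset + 4, offset + 8));
    const end = offset + 12 + length; // length + type + data + CRC
    if (end > bytes.length) return `chunk ${type} overruns file`;
    if (first) {
      if (type !== "IHDR" || length !== 13) return "IHDR must be first";
      const width = view.getUint32(offset + 8);
      const height = view.getUint32(offset + 12);
      if (width === 0 || height === 0) return "zero dimension";
      if (width > MAX_DIMENSION || height > MAX_DIMENSION) return "dimensions too large";
      first = false;
    }
    if (type === "IEND") return end === bytes.length ? null : "data after IEND";
    offset = end;
  }
  return "missing IEND";
}

// Constructed sample input (CRC bytes are zero; this check does not verify CRCs).
function chunk(type, data) {
  const out = new Uint8Array(12 + data.length);
  new DataView(out.buffer).setUint32(0, data.length);
  out.set([...type].map((c) => c.charCodeAt(0)), 4);
  out.set(data, 8);
  return out;
}
function samplePng(width, height) {
  const ihdr = new Uint8Array(13);
  new DataView(ihdr.buffer).setUint32(0, width);
  new DataView(ihdr.buffer).setUint32(4, height);
  const parts = [Uint8Array.from(PNG_SIGNATURE), chunk("IHDR", ihdr), chunk("IDAT", new Uint8Array(4)), chunk("IEND", new Uint8Array(0))];
  return Uint8Array.from(parts.flatMap((p) => [...p]));
}
console.log(checkPng(samplePng(64, 64)), "|", checkPng(samplePng(100000, 1)));
```

Call addImage only when checkPng returns null.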
CVSS V4
Score: 8.7
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
