CNNVD-202508-3085 Information
CNNVD ID
CNNVD-202508-3085
Related CVE
- CNNVD Published: 2025-08-26
Description (Chinese)
jsPDF是Parallax开源的一款基于JavaScript的PDF文档生成库。 jsPDF 3.0.2之前版本存在安全漏洞,该漏洞源于addImage方法未对输入进行充分验证,可能导致CPU资源耗尽和拒绝服务攻击。
Description (English)
jsPDF is a PDF-generated library based on JavaScript. jsPDF 3.0.2 has a security loophole, which stems from the failure of the addImage method to adequately verify the input, which could lead to the depletion of CPU resources and the denial of service attacks.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Parallax
Published
2025-08-26
Last Modified
2026-02-24
References
https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw https://github.com/parallax/jsPDF/releases/tag/v3.0.2 https://github.com/parallax/jsPDF/pull/3880 https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9 https://nvd.nist.gov/vuln/detail/CVE-2025-57810
Patch
https://github.com/parallax/jsPDF/releases
Share on: