CNNVD-202602-048 Information
Feb 02, 2026
cve
CNNVD ID
CNNVD-202602-048
Related CVE
- CNNVD Published: 2026-02-02
Description (Chinese)
jsPDF是Parallax开源的一款基于JavaScript的PDF文档生成库。 jsPDF 4.1.0之前版本存在安全漏洞,该漏洞源于addImage方法的第一个参数允许用户提供有害BMP文件,可能导致内存耗尽和拒绝服务。
Description (English)
jsPDF is a PDF-generated library based on JavaScript. A security loophole existed in the pre-JsPDF 4.1.0 version, which originated from the first parameter of the addImage method, which allowed users to provide harmful BMP files and could lead to depletion of memory and denial of services.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Parallax
Published
2026-02-02
Last Modified
2026-02-24
References
https://github.com/parallax/jsPDF/commit/ae4b93f76d8fc1baa5614bd5fdb5d174c3b85f0d https://github.com/parallax/jsPDF/releases/tag/v4.1.0 https://github.com/parallax/jsPDF/security/advisories/GHSA-95fx-jjr5-f39c
Patch
https://parall.ax/products/jspdf
Share on: