High 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

PT-2025-13: Bypass Regular Expression Denial of Service (ReDoS) in jsPDF

Error type:

  • CWE-400: Uncontrolled Resource Consumption

Vulnerability vector:

  • Base vulnerability score (CVSSv4.0): CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • Severity (CVSSv4.0): 8.7 (high)

Description:

The vulnerability was identified in the jsPDF library, versions prior to 3.0.0.

The discovered vulnerability allows an attacker to pass unsanitized image URLs to the vulnerable method, which results in high CPU utilization and denial of service: a crafted URL that almost matches the library's pattern forces the regular expression engine into catastrophic backtracking, so a single request can occupy the processing thread for an attacker-controlled amount of time.
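The following is an added illustration of this vulnerability class, not jsPDF's own code: the two patterns, the 1 MiB size cap and the function names are hypothetical. It shows a backtracking-prone data URL check beside a linear-time one with an input-length cap, and a measure() helper that makes the exponential growth visible on constructed attacker input.

```javascript
// Added illustration of the ReDoS class described above. The patterns, the
// size limit and the helper names are hypothetical; none of this is jsPDF's
// own code.

// Backtracking-prone pattern: the nested quantifier `([...]+)*` lets the
// engine split a run of base64 characters in ~2^n ways before it discovers
// that the final character can never match, so failure time grows
// exponentially with the length of the run.
const VULNERABLE_DATA_URL = /^data:image\/(\w+);base64,([A-Za-z0-9+\/]+)*=*$/;

// Linear-time pattern: every character is consumed by exactly one token and
// the optional padding is bounded, so a failed match costs O(n) steps.
const SAFE_DATA_URL = /^data:image\/([a-z0-9.+-]+);base64,([A-Za-z0-9+\/]*={0,2})$/i;

// Hypothetical hard cap applied before any regex runs (1 MiB).
const MAX_DATA_URL_LEN = 1 << 20;

// "Before": accepts any length and uses the backtracking-prone pattern.
function parseDataUrlVulnerable(url) {
  const m = VULNERABLE_DATA_URL.exec(url);
  return m ? { type: m[1], payload: url.slice(url.indexOf(",") + 1) } : null;
}

// "After": reject oversized input first, match with a linear pattern, then
// apply a structural check that a regex alone does not express well.
function parseDataUrlSafe(url) {
  if (typeof url !== "string" || url.length > MAX_DATA_URL_LEN) return null;
  const m = SAFE_DATA_URL.exec(url);
  if (!m) return null;
  const payload = m[2];
  // Padded base64 is always a multiple of 4 characters long.
  if (payload.length % 4 !== 0) return null;
  return { type: m[1].toLowerCase(), payload };
}

// Constructed attacker input: n valid base64 characters followed by a
// character that can never match, which forces the worst-case backtracking.
function craftRedosInput(n) {
  return "data:image/png;base64," + "A".repeat(n) + "!";
}

function timeMs(fn) {
  const t0 = process.hrtime.bigint();
  fn();
  return Number(process.hrtime.bigint() - t0) / 1e6;
}

// Returns per-length timings for both parsers so the growth is visible.
// Keep n small: each +4 characters multiplies the vulnerable parser's time
// by roughly 16, and n around 30 is enough to stall a thread for minutes.
function measure(lengths = [12, 16, 20]) {
  return lengths.map((n) => {
    const evil = craftRedosInput(n);
    return {
      n,
      vulnerableMs: timeMs(() => parseDataUrlVulnerable(evil)),
      safeMs: timeMs(() => parseDataUrlSafe(evil)),
    };
  });
}

if (typeof require !== "undefined" && require.main === module) {
  for (const row of measure()) {
    console.log(`n=${row.n}: vulnerable=${row.vulnerableMs.toFixed(2)}ms safe=${row.safeMs.toFixed(2)}ms`);
  }
}
```

The practical takeaway for callers of an affected version: cap the length of any attacker-influenced image URL and reject it before it reaches the library, since the cost of the vulnerable match is decided entirely by input length.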

Vulnerability status: Confirmed by vendor

Date of vulnerability remediation: 18.03.2025

Recommendations:

  • Update to version 3.0.0 or higher

Additional information:

Researcher: Aleksey Solovev (Positive Technologies)

Vendor:

Parallax Agency Ltd

Vulnerable product:

jsPDF

Vulnerable versions:

prior to 3.0.0