{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25535", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-02T19:59:47.374Z", "datePublished": "2026-02-19T14:34:05.648Z", "dateUpdated": "2026-02-19T16:03:26.484Z"}, "containers": {"cna": {"title": "jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj"}, {"name": "https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6", "tags": ["x_refsource_MISC"], "url": "https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6"}, {"name": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md", "tags": ["x_refsource_MISC"], "url": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md"}, {"name": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0"}], "affected": [{"vendor": "parallax", "product": "jsPDF", "versions": [{"version": "< 4.2.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-19T14:34:05.648Z"}, "descriptions": [{"lang": "en", "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation. Other affected methods are: `html`. The vulnerability has been fixed in jsPDF 4.2.0. As a workaround, sanitize image data or URLs before passing it to the addImage method or one of the other affected methods."}], "source": {"advisory": "GHSA-67pg-wm7f-q7fj", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-19T16:03:04.920714Z", "id": "CVE-2026-25535", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T16:03:26.484Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25535", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-19T16:03:04.920714Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T16:03:09.356Z"}}], "cna": {"title": "jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions", "source": {"advisory": "GHSA-67pg-wm7f-q7fj", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "parallax", "product": "jsPDF", "versions": [{"status": "affected", "version": "< 4.2.0"}]}], "references": [{"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj", "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6", "name": "https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md", "name": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0", "name": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation. Other affected methods are: `html`. The vulnerability has been fixed in jsPDF 4.2.0. As a workaround, sanitize image data or URLs before passing it to the addImage method or one of the other affected methods."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-19T14:34:05.648Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25535", "state": "PUBLISHED", "dateUpdated": "2026-02-19T16:03:26.484Z", "dateReserved": "2026-02-02T19:59:47.374Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-19T14:34:05.648Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation. Other affected methods are: `html`. The vulnerability has been fixed in jsPDF 4.2.0. As a workaround, sanitize image data or URLs before passing it to the addImage method or one of the other affected methods."}], "id": "CVE-2026-25535", "lastModified": "2026-02-19T15:52:39.260", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-19T15:16:12.130", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md"}, {"source": "security-advisories@github.com", "url": "https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6"}, {"source": "security-advisories@github.com", "url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0"}, {"source": "security-advisories@github.com", "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}, {"lang": "en", "value": "CWE-770"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "jsPDF: denial of service via malicious GIF dimensions", "id": "2440992", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440992"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-770", "details": ["A flaw was found in jsPDF. The addImage and html methods accept user input in their first argument without proper sanitization. An attacker can supply a specially crafted GIF file, specifically with invalid width and height header values, forcing the application to allocate an excessive amount of memory, leading to an out-of-memory condition, causing an application crash and denial of service."], "mitigation": {"lang": "en:us", "value": "To mitigate this vulnerability, sanitize image data or validate resources fetched from URLs before calling the addImage and html methods, making sure that the width and height header values do not exceed safe and predefined limits."}, "name": "CVE-2026-25535", "package_state": [{"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Affected", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}], "public_date": "2026-02-19T14:34:05Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-25535\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-25535\nhttps://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md\nhttps://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6\nhttps://github.com/parallax/jsPDF/releases/tag/v4.2.0\nhttps://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj"], "statement": "To exploit this flaw, an attacker must be able to process a specially crafted GIF file with an application using the addImage and html methods. This issue can cause the application to allocate an excessive amount of memory, eventually resulting in a denial of service with no other security impact. Due to this reason, this vulnerability has been rated with an important severity.", "threat_severity": "Important"}

{}