CVE-2025-29907 - Denial of Service Vulnerability in jsPDF prior to 3..1 via User-Controlled addImage Method Argument

jsPDF is a popular and widely-used JavaScript library for generating PDF files on the client-side. In versions prior to 3..1, a significant Denial-of-Service (DoS) vulnerability has been discovered, affecting the addImage, html, and addSvgAsImage methods. This vulnerability was reported as CVE-2025-29907 and has the potential to impact the performance and availability of websites and applications using the library.

Impact

By exploiting this vulnerability, an attacker can cause a user-controlled Denial of Service (DoS) attack, resulting in the high CPU utilization of the server running the application. This can disrupt the resources and services offered by the server and affect the availability of the application to other users as well.

Vulnerable Code

The vulnerability exists in the addImage method of jsPDF, which accepts a user-controlled argument that is not sanitized. Here's an example of the vulnerable code in addImage method:

jsPDF.addImage = function(imageUrl, format, x, y, width, height) {
    // Code for adding an image to the PDF
}

The vulnerability also impacts the html and addSvgAsImage methods

jsPDF.html = function(element, options) {
    // Code for converting an HTML element to PDF
}

jsPDF.addSvgAsImage = function(svg, x, y, w, h) {
    // Code for adding an SVG as an image to the PDF
}

An attacker can exploit this vulnerability by providing a harmful data-url to the addImage method

var maliciousImage = "data:image/png;base64,....."; // Large data URL causing high CPU utilization
var doc = new jsPDF();
doc.addImage(maliciousImage, 'PNG', 10, 10, 100, 100);

Similarly, an attacker can provide unsanitized image URLs to the other methods as well, causing high CPU utilization and denial of service:

var maliciousSvg = "....."; // Large SVG data causing high CPU utilization
var doc = new jsPDF();
doc.addSvgAsImage(maliciousSvg, 10, 10, 100, 100);

Solution

To fix this vulnerability, it is recommended to upgrade your jsPDF library to version 3..1 or higher. The latest version of the library includes proper input validation and sanitization for the addImage, html, and addSvgAsImage methods, mitigating the risk of a denial-of-service attack.

jsPDF GitHub Repository - Refer to the repository for the latest release of jsPDF

Conclusion

Ensuring the security of your applications and services is of utmost importance. Regularly reviewing your applications' dependencies and applying security patches and updates is essential to safeguard your application and users against potential vulnerabilities. In the case of jsPDF, upgrading to version 3..1 or higher can protect your application from the CVE-2025-29907 vulnerability and ensure its stability and availability.

Timeline

Published on: 03/18/2025 19:15:51 UTC