Resource exhaustion in Parallax Jspdf

CVE-2025-29907

jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in high CPU utilization and denial of service. If given the possibility to pass unsanitised image URLs to the a…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.005 (64.8th percentile)

Frequently asked questions

What is CVE-2025-29907?
CVE-2025-29907 is a vulnerability in Parallax Jspdf, classified under Uncontrolled Resource Consumption. Published 2025-03-18.
Is CVE-2025-29907 known to be exploited?
1 public proof-of-concept repository is indexed. It is not currently listed in the CISA KEV catalog.