Resource exhaustion in Parallax Jspdf

CVE-2026-24133

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage meth…

EPSS: 0.000 (12.3th percentile) — read the EPSS interpretation.

Affected products

Parallax Jspdf — versions < 4.1.0

Weakness classification (CWE)

CWE-770 — Allocation of Resources Without Limits or Throttling

References

https://github.com/parallax/jsPDF/security/advisories/GHSA-95fx-jjr5-f39c (x_refsource_CONFIRM)
https://github.com/parallax/jsPDF/commit/ae4b93f76d8fc1baa5614bd5fdb5d174c3b85f0d (x_refsource_MISC)
https://github.com/parallax/jsPDF/releases/tag/v4.1.0 (x_refsource_MISC)