CVE-2025-57810 HIGH

CVE-2025-57810: jsPDF Parsing of Corrupt PNGs Leads to Potential Denial of Service (DoS)

Vendor Parallax
Product jsPDF
Weakness CWE-20 · Input validation
Published August 26, 2025
Last update August 26, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2.
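A structural pre-check that can run on untrusted PNG bytes before they reach addImage, given here as an added example and not code from jsPDF or this advisory. The function names and the MAX_DIM limit are assumptions. The check covers only the container (signature, chunk bounds, CRCs, IHDR, IEND) and does not decode pixel data, so it complements the upgrade to 3.0.2 rather than replacing it.

```javascript
// Added example: structural PNG pre-check for untrusted bytes before doc.addImage().
// MAX_DIM and all function names are assumptions made for this illustration.
const PNG_SIG = [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a];
const MAX_DIM = 8192;

function crc32(bytes) {
  let crc = 0xffffffff;
  for (const b of bytes) {
    crc ^= b;
    for (let k = 0; k < 8; k++) crc = (crc >>> 1) ^ (0xedb88320 & -(crc & 1));
  }
  return (crc ^ 0xffffffff) >>> 0;
}

// Returns null when the container structure is sound, otherwise a reason string.
function pngRejectReason(bytes) {
  if (bytes.length < 8 || PNG_SIG.some((v, i) => bytes[i] !== v)) return "bad signature";
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  let pos = 8;
  while (pos + 12 <= bytes.length) {
    const len = view.getUint32(pos); // big-endian chunk data length
    const end = pos + 12 + len; // length + type + data + CRC
    if (end > bytes.length) return "chunk length exceeds file";
    const type = String.fromCharCode(...bytes.subarray(pos + 4, pos + 8));
    if (crc32(bytes.subarray(pos + 4, pos + 8 + len)) !== view.getUint32(end - 4)) return "bad CRC in " + type;
    if (pos === 8) { // the first chunk must be a 13-byte IHDR
      if (type !== "IHDR" || len !== 13) return "IHDR missing or malformed";
      const w = view.getUint32(pos + 8), h = view.getUint32(pos + 12);
      if (w === 0 || h === 0 || w > MAX_DIM || h > MAX_DIM) return "dimensions out of range";
    }
    if (type === "IEND") return end === bytes.length ? null : "trailing data after IEND";
    pos = end;
  }
  return "truncated or missing IEND";
}

// Helpers that build the constructed sample: big-endian u32 and a chunk with a correct CRC.
const be32 = (n) => [n >>> 24, (n >>> 16) & 255, (n >>> 8) & 255, n & 255];
function chunk(type, data) {
  const body = [...type].map((c) => c.charCodeAt(0)).concat(data);
  return [...be32(data.length), ...body, ...be32(crc32(body))];
}

// Constructed sample: 1x1 greyscale PNG (IDAT is a stored zlib block); w overrides the width.
function samplePng(w = 1) {
  const ihdr = chunk("IHDR", [...be32(w), ...be32(1), 8, 0, 0, 0, 0]);
  const idat = chunk("IDAT", [0x78, 0x01, 0x01, 0x02, 0x00, 0xfd, 0xff, 0, 0, 0, 2, 0, 1]);
  return Uint8Array.from([...PNG_SIG, ...ihdr, ...idat, ...chunk("IEND", [])]);
}
```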

Key dates

02 Disclosure timeline

August 26, 2025 CVE published
August 26, 2025 Record updated