Описание
jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2.
Ссылки
EPSS
Процентиль: 27%
0.0009
Низкий
Дефекты
CWE-20
Связанные уязвимости
CVSS3: 5.3
redhat
11 дней назад
An excessive resource consumption flaw has been discovered in the jsPDF npm library. Passing a maliciously crafted PNG file to the library may result in high CPU usage and a denial of service of the program the library is being used in.
debian
11 дней назад
jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, use ...
EPSS
Процентиль: 27%
0.0009
Низкий
Дефекты
CWE-20