Описание
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation. Other affected methods are: html. The vulnerability has been fixed in jsPDF 4.2.0. As a workaround, sanitize image data or URLs before passing it to the addImage method or one of the other affected methods.
A flaw was found in jsPDF. The addImage and html methods accept user input in their first argument without proper sanitization. An attacker can supply a specially crafted GIF file, specifically with invalid width and height header values, forcing the application to allocate an excessive amount of memory, leading to an out-of-memory condition, causing an application crash and denial of service.
Отчет
To exploit this flaw, an attacker must be able to process a specially crafted GIF file with an application using the addImage or html methods. This issue can cause the application to allocate an excessive amount of memory, eventually resulting in a denial of service with no other security impact. Due to this reason, this vulnerability has been rated with an important severity.
Меры по смягчению последствий
To mitigate this vulnerability, sanitize image data or validate resources fetched from URLs before calling the addImage or html methods, making sure that the width and height header values do not exceed safe and predefined limits.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-main-rhel8 | Affected |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation. Other affected methods are: `html`. The vulnerability has been fixed in jsPDF 4.2.0. As a workaround, sanitize image data or URLs before passing it to the addImage method or one of the other affected methods.
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, use ...
jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions
7.5 High
CVSS3