CVE-2025-29907

HIGH Year: 2025
Weakness Type
CWE-400
View all →

Vulnerability Description

jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Other affected methods are html and addSvgAsImage. The vulnerability was fixed in jsPDF 3.0.1.

Related Vulnerabilities

CVE-2013-20004

CRITICAL
CVSS:9.8(Critical)

A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker could create a denial of service state by try...

CWE-4002013

CVE-2015-4412

CRITICAL
CVSS:9.8(Critical)

BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data v...

CWE-4002015

CVE-2017-1000378

CRITICAL
CVSS:9.8(Critical)

The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows...

CWE-4002017

CVE-2017-9104

CRITICAL
CVSS:9.8(Critical)

An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered.

CWE-4002017

CVE-2017-9119

CRITICAL
CVSS:9.8(Critical)

The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by...

CWE-4002017

CVE-2018-11936

CRITICAL
CVSS:9.8(Critical)

Index of array is processed in a wrong way inside a while loop and result in invalid index (-1 or something else) leads to out of bound memory access. in Snapdragon Auto, Snapdragon Connectivity, Snap...

CWE-4002018