SB2026042735 - Multiple vulnerabilities in jspdf
Published: April 27, 2026
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Improper Encoding or Escaping of Output (CVE-ID: CVE-2026-25940)
The vulnerability allows a remote attacker to execute arbitrary JavaScript.
The vulnerability exists due to improper encoding or escaping of output in the AcroForm module when processing unsanitized input for the AcroformChildClass.appearanceState property. A remote attacker can supply a specially crafted property value to execute arbitrary JavaScript.
User interaction is required when the victim hovers over the radio option in the generated PDF.
2) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2026-25535)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to allocation of resources without limits or throttling in the addImage and html methods when processing unsanitized GIF image data or URLs. A remote attacker can provide a crafted GIF file with large width or height header values to cause a denial of service.
The issue can trigger out-of-memory errors through excessive memory allocation.
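The denial-of-service item above comes from trusting the width and height fields of a GIF header before allocating a decode buffer. The following is an added example, not code from jsPDF or from the advisory authors, of an application-side pre-check that parses only the 10-byte GIF header (signature, then logical screen width and height as little-endian 16-bit values, per the GIF89a layout) and rejects oversized images before any image library is called. The limits `MAX_DIMENSION` and `MAX_PIXELS` are hypothetical values an application would tune to its own memory budget.

```javascript
// Added example (not jsPDF project code): reject GIF data whose declared
// dimensions would force an excessive decode-buffer allocation.
// GIF header layout: bytes 0-5 signature ("GIF87a" or "GIF89a"),
// bytes 6-7 logical screen width (little-endian), bytes 8-9 height.
const MAX_DIMENSION = 16384;      // hypothetical per-axis limit
const MAX_PIXELS = 50000000;      // hypothetical total-pixel limit (~200 MB RGBA)

function parseGifHeader(bytes) {
  if (bytes.length < 10) throw new Error('truncated GIF header');
  const sig = String.fromCharCode(...bytes.subarray(0, 6));
  if (sig !== 'GIF87a' && sig !== 'GIF89a') throw new Error('not a GIF');
  const width = bytes[6] | (bytes[7] << 8);
  const height = bytes[8] | (bytes[9] << 8);
  return { width, height };
}

// Returns { ok, reason, width, height } so the caller can log why a file was refused.
function checkGifDimensions(bytes, limits = { maxDimension: MAX_DIMENSION, maxPixels: MAX_PIXELS }) {
  const { width, height } = parseGifHeader(bytes);
  if (width === 0 || height === 0) {
    return { ok: false, reason: 'zero dimension', width, height };
  }
  if (width > limits.maxDimension || height > limits.maxDimension) {
    return { ok: false, reason: 'dimension exceeds limit', width, height };
  }
  if (width * height > limits.maxPixels) {
    return { ok: false, reason: 'pixel count exceeds limit', width, height };
  }
  return { ok: true, reason: null, width, height };
}

// Constructed sample input: builds just the 10-byte header the check reads.
function makeGifHeader(width, height) {
  return Uint8Array.from([
    0x47, 0x49, 0x46, 0x38, 0x39, 0x61,        // "GIF89a"
    width & 0xff, (width >> 8) & 0xff,         // width, little-endian
    height & 0xff, (height >> 8) & 0xff,       // height, little-endian
  ]);
}

// Usage: run the check before calling addImage()/html() with untrusted data.
console.log(checkGifDimensions(makeGifHeader(640, 480)));
console.log(checkGifDimensions(makeGifHeader(65535, 65535)));
```

The header fields are only 16 bits each, so the worst case a single GIF can declare is 65535 x 65535; a pixel-count ceiling matters because two dimensions that each pass a per-axis limit can still multiply into a buffer far larger than intended.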
3) Code Injection (CVE-ID: CVE-2026-25755)
The vulnerability allows a remote attacker to inject arbitrary PDF objects into the generated document.
The vulnerability exists due to improper control of code generation in the addJS method when processing user-supplied JavaScript input. A remote attacker can supply a crafted addJS argument to inject arbitrary PDF objects into the generated document.
User interaction is required to open the generated PDF, and injected additional actions may execute when the document is opened or receives focus.
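Items 1 and 3 share a root cause: a caller-supplied value is written into PDF syntax without escaping, so a value containing PDF delimiters can end the token it was meant to sit in and start a new one. The following is an added example, not jsPDF code or the advisory authors' fix, showing how an application can encode such values before passing them to a generator. `escapePdfLiteralString` handles the literal-string context (the kind of token a script passed to `addJS` ends up in), applying the escapes the PDF specification defines for `( ... )` strings; `encodePdfName` handles the name-token context (an appearance state is written as `/Name`) using the `#xx` form the specification defines for non-regular characters; `isSafePdfNameToken` is a stricter allowlist for values that should only ever be simple identifiers. Restricting input to the Latin-1 range is an assumption made to keep the example byte-oriented.

```javascript
// Added example (not jsPDF project code): encode untrusted values for the
// two PDF token contexts named in this bulletin.

// Characters that end or start a PDF token (PDF 32000-1:2008, 7.2.2).
const PDF_DELIMITERS = new Set('()<>[]{}/%'.split(''));

// Literal string: wrap in parentheses; backslash and both parentheses are
// escaped, control characters become three-digit octal escapes.
function escapePdfLiteralString(input) {
  let out = '';
  for (const ch of input) {
    const code = ch.codePointAt(0);
    if (code > 0xff) throw new Error('non-Latin-1 code point; encode the string first');
    if (ch === '\\' || ch === '(' || ch === ')') {
      out += '\\' + ch;
    } else if (code < 0x20 || code === 0x7f) {
      out += '\\' + code.toString(8).padStart(3, '0');
    } else {
      out += ch;
    }
  }
  return '(' + out + ')';
}

// Name token: regular characters (0x21-0x7E, excluding '#' and delimiters)
// pass through; everything else is written as #xx hexadecimal.
function encodePdfName(input) {
  let out = '/';
  for (const ch of input) {
    const code = ch.codePointAt(0);
    if (code > 0xff) throw new Error('non-Latin-1 code point in name');
    const regular = code >= 0x21 && code <= 0x7e && ch !== '#' && !PDF_DELIMITERS.has(ch);
    out += regular ? ch : '#' + code.toString(16).padStart(2, '0').toUpperCase();
  }
  return out;
}

// Allowlist for values that should only ever be plain identifiers such as
// an appearance state; 127 bytes is the name-length implementation limit
// listed in PDF 1.7 Annex C.
function isSafePdfNameToken(input) {
  return /^[A-Za-z0-9_.-]{1,127}$/.test(input);
}

// Usage: a value with parentheses stays one balanced literal string, and a
// value with a delimiter cannot start a new name or dictionary entry.
console.log(escapePdfLiteralString('app.alert(1)'));
console.log(encodePdfName('a b/c'));
console.log(isSafePdfNameToken('Yes'), isSafePdfNameToken('Yes)'));
```

Encoding is preferable to rejection where the value is legitimately free-form (a script body); for a value that is structurally an identifier, the allowlist check is simpler to reason about and gives an auditable reject point.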
Remediation
Install the update from the vendor's website.
References
- https://github.com/parallax/jsPDF/security/advisories/GHSA-p5xg-68wr-hm3m
- https://github.com/advisories/GHSA-p5xg-68wr-hm3m
- https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj
- https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md
- https://github.com/parallax/jsPDF/security/advisories/GHSA-9vjf-qc39-jprp
- https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md