CVE-2026-24133
MED 6.5jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP files have large width and/or height entries in their headers, which lead to excessive memory allocation. The html method is also affected. The vulnerability has been fixed in jsPDF@4.1.0.
Affected Applications in Environment
13
Parallels Desktop
v20.1.2 (55742)
1 device
Parallels Desktop
v26.2.0 (57363)
1 device
Parallels Desktop
v20.0.0 (55653)
1 device
Parallels Desktop
v26.3.0 (57392)
2 devices
Parallels Desktop
v26.3.0 (57363)
1 device
Parallels Desktop
v26.2.2 (57373)
5 devices
Parallels Desktop
v1.20.4 (23908)
2 devices
Parallels Desktop
v26.2.2 (57293)
1 device
Parallels Desktop
v1.26.2 (23919)
1 device
Parallels Desktop
v26.1.2 (57293)
2 devices
Parallels Desktop
v26.3.0 (57373)
1 device
Parallels Desktop
v18.3.4 (53630)
2 devices
Parallels Desktop
v20.2.2 (55879)
1 device
Affected Devices
17
Barbara-Wilkinsons-iMac-27.local
Mac
EOP-MBP-3.local
Mac
F-16
Mac
a00017110-J7TV3C9HW5
Mac
a00596491-HK02DWTXXR
Mac
a00983376-G09J49PM70
Mac
a01662531-GX0LV9N9N0
Mac
a01841079-LK4T0Y7FP4
Mac
a02038137-Q1J07Y3V07
Mac
a02213466-C2V9D4WYJM
Mac
a02273006-FV4CYP2NJ3
Mac
a02324477-RR73X1VHHP
Mac
a02388352-LQ22WMQLKF
Mac
a02460298-NF236KX9TJ
Mac
a02480849-L4V042QWGK
Mac
cehsadmin's MacBook Pro-C02CK7K4MD6M
Mac
murftastic.local
Mac