CVE-2026-25535
HIGH 7.5

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results in out-of-memory errors and denial of service. Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation. Other affected methods are: `html`. The vulnerability has been fixed in jsPDF 4.2.0. As a workaround, sanitize image data or URLs before passing them to the `addImage` method or one of the other affected methods.

Affected Applications in Environment: 13

| Application | Version | Devices |
| --- | --- | --- |
| Parallels Desktop | v20.1.2 (55742) | 1 |
| Parallels Desktop | v26.2.0 (57363) | 1 |
| Parallels Desktop | v20.0.0 (55653) | 1 |
| Parallels Desktop | v26.3.0 (57392) | 2 |
| Parallels Desktop | v26.3.0 (57363) | 1 |
| Parallels Desktop | v26.2.2 (57373) | 5 |
| Parallels Desktop | v1.20.4 (23908) | 2 |
| Parallels Desktop | v26.2.2 (57293) | 1 |
| Parallels Desktop | v1.26.2 (23919) | 1 |
| Parallels Desktop | v26.1.2 (57293) | 2 |
| Parallels Desktop | v26.3.0 (57373) | 1 |
| Parallels Desktop | v18.3.4 (53630) | 2 |
| Parallels Desktop | v20.2.2 (55879) | 1 |

Affected Devices: 17

| Device | Platform |
| --- | --- |
| Barbara-Wilkinsons-iMac-27.local | Mac |
| EOP-MBP-3.local | Mac |
| F-16 | Mac |
| a00017110-J7TV3C9HW5 | Mac |
| a00596491-HK02DWTXXR | Mac |
| a00983376-G09J49PM70 | Mac |
| a01662531-GX0LV9N9N0 | Mac |
| a01841079-LK4T0Y7FP4 | Mac |
| a02038137-Q1J07Y3V07 | Mac |
| a02213466-C2V9D4WYJM | Mac |
| a02273006-FV4CYP2NJ3 | Mac |
| a02324477-RR73X1VHHP | Mac |
| a02388352-LQ22WMQLKF | Mac |
| a02460298-NF236KX9TJ | Mac |
| a02480849-L4V042QWGK | Mac |
| cehsadmin's MacBook Pro-C02CK7K4MD6M | Mac |
| murftastic.local | Mac |