QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-24133

Back to search

CVE-2026-24133

Published: Feb 2, 2026

Modified: Feb 3, 2026

PUBLISHED

Description

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP files have large width and/or height entries in their headers, which lead to excessive memory allocation. The html method is also affected. The vulnerability has been fixed in [email protected].

VendorProductVersions

parallax

jsPDF

affected
< 4.1.0

Weaknesses (CWE)

CWE-770

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now