CVE-2025-57810: 
JavaScript vulnerability analysis and mitigation

CVE-2025-57810 affects jsPDF, a library for generating PDFs in JavaScript. The vulnerability was discovered and disclosed on August 26, 2025, affecting versions prior to 3.0.2. The issue allows user control of the first argument of the addImage method, which can result in CPU utilization and denial of service when processing unsanitized image data or URLs (GitHub Advisory, NVD).

The vulnerability stems from improper input validation (CWE-20) and potential infinite loop conditions (CWE-835) in the PNG image processing functionality. When processing malformed PNG files through the addImage method, the application can enter long-running loops causing high CPU utilization. The vulnerability has a CVSS v4.0 base score of 8.7 (High) with vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N, indicating it can be exploited remotely without requiring privileges or user interaction (GitHub Advisory).

The successful exploitation of this vulnerability can lead to denial of service conditions through high CPU utilization when processing malicious PNG files. The impact is primarily on system availability, with no direct effect on confidentiality or integrity (GitHub Advisory).

The vulnerability has been fixed in jsPDF version 3.0.2. Users should upgrade to this version or later, where invalid PNG files now throw an Error instead of causing very long running loops. As a workaround, users can implement input sanitization for image data or URLs before passing them to the addImage method (GitHub Advisory, GitHub Release).