Key Information

Vulnerability Type
Denial of Service (DoS)

Severity
High (CVSS v4 Base Score: 8.7/10)

Affected Scope
Affected Versions: = 3.0.2

Description
User-controlled first parameter of the method can lead to excessive CPU usage and denial of service. If unfiltered image data or URLs are allowed to be passed to the method, an attacker can supply a malicious PNG file, causing high CPU utilization and denial of service.

Example Code

Mitigation
Upgrade to jspdf@>=3.0.2. In this version, invalid PNG files will throw an error instead of causing long-running loops.

Workarounds
Filter image data or URLs before passing them to the method or other affected methods.

Related Vulnerabilities
CVE ID: CVE-2025-57810
Weaknesses: CWE-20, CWE-835

Researcher
Aleksey Solovev (Positive Technologies)
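
One way to apply the workaround of filtering image data before it reaches the library is a structural PNG pre-check. This is an added example, not code from the advisory or from jsPDF; the function name checkPng and the MAX_BYTES and MAX_DIM limits are assumptions. It rejects files with a bad signature, overrunning chunk lengths, wrong CRCs or wrong chunk order, and it does not replace upgrading to the fixed version.

```javascript
// Added example (not jsPDF code): structural PNG check for untrusted image bytes.
const PNG_SIG = [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a];
const MAX_BYTES = 5 * 1024 * 1024; // assumed policy limit
const MAX_DIM = 8192;              // assumed policy limit (pixels per side)

const CRC_TABLE = Array.from({ length: 256 }, (_, n) => {
  let c = n;
  for (let k = 0; k < 8; k++) c = c & 1 ? 0xedb88320 ^ (c >>> 1) : c >>> 1;
  return c >>> 0;
});
// CRC-32 over bytes[start, end), as PNG uses for chunk type + data.
function crc32(bytes, start, end) {
  let c = 0xffffffff;
  for (let i = start; i < end; i++) c = CRC_TABLE[(c ^ bytes[i]) & 0xff] ^ (c >>> 8);
  return (c ^ 0xffffffff) >>> 0;
}

const fail = (reason) => ({ ok: false, reason });

// Returns { ok: true } or { ok: false, reason }; never throws on malformed input.
function checkPng(bytes) {
  if (!(bytes instanceof Uint8Array)) return fail("not a byte array");
  if (bytes.length > MAX_BYTES) return fail("file too large");
  if (bytes.length < 8 || !PNG_SIG.every((b, i) => bytes[i] === b)) return fail("bad signature");
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  let pos = 8, sawIhdr = false, sawIdat = false;
  while (pos + 12 <= bytes.length) { // each pass advances by at least 12 bytes
    const len = view.getUint32(pos); // big-endian chunk data length
    const type = String.fromCharCode(bytes[pos + 4], bytes[pos + 5], bytes[pos + 6], bytes[pos + 7]);
    const dataEnd = pos + 8 + len;
    if (dataEnd + 4 > bytes.length) return fail("chunk length overruns file");
    if (crc32(bytes, pos + 4, dataEnd) !== view.getUint32(dataEnd)) return fail("bad chunk CRC");
    if (!sawIhdr) {
      if (type !== "IHDR" || len !== 13) return fail("first chunk is not IHDR");
      const w = view.getUint32(pos + 8), h = view.getUint32(pos + 12);
      if (w === 0 || h === 0 || w > MAX_DIM || h > MAX_DIM) return fail("dimensions out of range");
      sawIhdr = true;
    } else if (type === "IHDR") return fail("duplicate IHDR");
    if (type === "IDAT") sawIdat = true;
    if (type === "IEND") {
      if (len !== 0 || !sawIdat) return fail("malformed IEND");
      return dataEnd + 4 === bytes.length ? { ok: true } : fail("trailing data after IEND");
    }
    pos = dataEnd + 4;
  }
  return fail("missing IEND");
}
```

Pass the bytes on to the PDF library only when the result has ok set to true, and fetch any URL yourself first so that the check runs on the actual bytes.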