{
  "threat_severity" : "Moderate",
  "public_date" : "2025-08-26T15:37:28Z",
  "bugzilla" : {
    "description" : "jspdf: jsPDF Denial of Service (DoS)",
    "id" : "2391077",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2391077"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-770",
  "details" : [ "jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in high CPU utilization and denial of service. If a user is able to pass unsanitized image data or URLs to the addImage method, they can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2.", "An excessive resource consumption flaw has been discovered in the jsPDF npm library. Passing a maliciously crafted PNG file to the library may result in high CPU usage and a denial of service of the program that uses the library." ],
  "statement" : "The availability impact of this flaw is limited on Red Hat systems as the host operating system is not at risk of degradation.",
  "affected_release" : [ {
    "product_name" : "Multicluster Global Hub 1.6.2",
    "release_date" : "2026-03-31T00:00:00Z",
    "advisory" : "RHSA-2026:6226",
    "cpe" : "cpe:/a:redhat:multicluster_globalhub:1.6::el9",
    "package" : "multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1773650060"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Advanced Cluster Security 4",
    "fix_state" : "Not affected",
    "package_name" : "advanced-cluster-security/rhacs-central-db-rhel8",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4",
    "fix_state" : "Affected",
    "package_name" : "advanced-cluster-security/rhacs-main-rhel8",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4",
    "fix_state" : "Not affected",
    "package_name" : "advanced-cluster-security/rhacs-rhel8-operator",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4",
    "fix_state" : "Out of support scope",
    "package_name" : "advanced-cluster-security/rhacs-roxctl-rhel8",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4",
    "fix_state" : "Not affected",
    "package_name" : "advanced-cluster-security/rhacs-scanner-v4-db-rhel8",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4",
    "fix_state" : "Not affected",
    "package_name" : "advanced-cluster-security/rhacs-scanner-v4-rhel8",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-57810\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-57810\nhttps://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9\nhttps://github.com/parallax/jsPDF/pull/3880\nhttps://github.com/parallax/jsPDF/releases/tag/v3.0.2\nhttps://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw" ],
  "name" : "CVE-2025-57810",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}