DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-25535: The 4GB GIF: Crashing Browsers and Servers with CVE-2026-25535

Vulnerability ID: CVE-2026-25535
CVSS Score: 8.7
Published: 2026-02-19

A logic flaw in jsPDF's bundled GIF parser allows attackers to trigger a massive memory allocation by manipulating image headers. By specifying a canvas size of 65535x65535 in a tiny GIF file, an attacker can force the application to attempt a ~4.3GB contiguous memory allocation, crashing the process immediately.

TL;DR

jsPDF < 4.2.0 trusts GIF headers blindly. A 50-byte malicious GIF can claim to be 4GB in size. When jsPDF tries to render it, it allocates memory based on those claims. Result: Instant Out-of-Memory (OOM) crash for Node.js backends or browser tabs.


⚠️ Exploit Status: POC

Technical Details

  • CWE: CWE-770 (Allocation of Resources Without Limits)
  • CVSS v4.0: 8.7 (High)
  • Attack Vector: Network (User uploaded image)
  • Impact: Availability (DoS via OOM)
  • Exploit Complexity: Low (Simple file header modification)
  • Privileges Required: None

Affected Systems

  • Node.js applications generating PDFs server-side
  • React/Vue/Angular apps using client-side PDF generation
  • Any system using jsPDF < 4.2.0 with user-supplied images
  • jsPDF: < 4.2.0 (Fixed in: 4.2.0)

Code Analysis

Commit: 2e5e156

Added check for image dimensions to prevent OOM

+ if (num_pixels > 512 * 1024 * 1024) throw new Error(...);
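Review bot: the threshold on the added line, 512 * 1024 * 1024 pixels, is still generous for a single image. By the report's own figures (65535x65535 giving ~4.3GB, roughly one byte per pixel), a file just under the limit can still request about 512MB in one allocation, so a lower default or a caller-configurable cap would be safer for servers that handle uploads. The error message is elided here (...); it should include the offending dimensions so rejected files can be traced in logs.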

Exploit Details

  • GitHub: PoC Python script to generate high-dimension GIF

Mitigation Strategies

  • Upgrade jsPDF to version 4.2.0 or higher.
  • Implement server-side pre-validation of image dimensions using ImageMagick or similar robust libraries before passing them to jsPDF.
  • Wrap addImage calls in try/catch blocks to handle potential RangeErrors gracefully (though this may not save the process from an out-of-memory crash).
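
The pre-validation step can also be done on the raw bytes before jsPDF sees them. The following is an added example, not code from jsPDF or the original report: it reads the GIF logical screen descriptor and, going slightly beyond the canvas-size case described here, each frame's image descriptor. The names gifPixelCheck and MAX_PIXELS are hypothetical, and the limit is an assumed application policy.

```javascript
// Added example: pre-validate GIF dimensions before handing bytes to jsPDF.
// MAX_PIXELS is an assumed application limit, not a jsPDF constant.
const MAX_PIXELS = 4096 * 4096;

function gifPixelCheck(bytes, maxPixels = MAX_PIXELS) {
  const v = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const fail = (reason) => ({ ok: false, reason });
  if (bytes.length < 13) return fail("truncated header");
  const sig = String.fromCharCode(...bytes.subarray(0, 6));
  if (sig !== "GIF87a" && sig !== "GIF89a") return fail("not a GIF");

  // Logical screen descriptor: width and height are little-endian uint16.
  const width = v.getUint16(6, true), height = v.getUint16(8, true);
  if (width * height > maxPixels) return fail(`canvas ${width}x${height} exceeds limit`);

  // Skip the global color table if the packed-field flag says one is present.
  let p = 13;
  if (bytes[10] & 0x80) p += 3 * (1 << ((bytes[10] & 0x07) + 1));

  // Skip a chain of data sub-blocks (length byte, data, ..., 0 terminator).
  const skipSubBlocks = () => {
    while (p < bytes.length && bytes[p] !== 0) p += 1 + bytes[p];
    p += 1;
  };

  while (p < bytes.length) {
    const tag = bytes[p++];
    if (tag === 0x3b) return { ok: true, width, height }; // trailer: all blocks checked
    if (tag === 0x21) { p += 1; skipSubBlocks(); continue; } // extension: skip label + data
    if (tag !== 0x2c) return fail("unexpected block");
    if (p + 9 > bytes.length) return fail("truncated image descriptor");
    // Image descriptor: left, top, width, height (uint16 each), then a packed byte.
    const fw = v.getUint16(p + 4, true), fh = v.getUint16(p + 6, true);
    if (fw * fh > maxPixels) return fail(`frame ${fw}x${fh} exceeds limit`);
    const packed = bytes[p + 8];
    p += 9;
    if (packed & 0x80) p += 3 * (1 << ((packed & 0x07) + 1)); // local color table
    p += 1; // LZW minimum code size
    skipSubBlocks();
  }
  return fail("missing trailer");
}

// Constructed sample: 14-byte file whose header claims a 65535x65535 canvas.
const hugeGif = Uint8Array.from([0x47, 0x49, 0x46, 0x38, 0x39, 0x61, 0xff, 0xff, 0xff, 0xff, 0, 0, 0, 0x3b]);
// Constructed sample: well-formed 1x1 GIF with a single frame.
const tinyGif = Uint8Array.from([0x47, 0x49, 0x46, 0x38, 0x39, 0x61, 1, 0, 1, 0, 0, 0, 0,
  0x2c, 0, 0, 0, 0, 1, 0, 1, 0, 0, 2, 2, 0x4c, 0x01, 0, 0x3b]);
```

Call gifPixelCheck on the uploaded bytes and only pass the image to addImage when the result has ok set to true.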

Remediation Steps:

  1. Run npm audit to confirm the vulnerability.
  2. Execute npm install jspdf@latest to upgrade.
  3. Verify the installed version is >= 4.2.0.
  4. Review codebases for jsPDF.addImage usage and ensure input sanitization.
