2436115 – (CVE-2026-24737) CVE-2026-24737 jsPDF: jsPDF: Arbitrary code execution via unsanitized input in Acroform module

Bug 2436115 (CVE-2026-24737) - CVE-2026-24737 jsPDF: jsPDF: Arbitrary code execution via unsanitized input in Acroform module

Summary: CVE-2026-24737 jsPDF: jsPDF: Arbitrary code execution via unsanitized input i...

Keywords:
Status:	NEW
Alias:	CVE-2026-24737
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-02-03 00:02 UTC by OSIDB Bzimport
Modified:	2026-02-03 09:27 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-02-03 00:02:14 UTC

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim opens the document. The vulnerable API members are AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, and AcroFormRadioButton.appearanceState. The vulnerability has been fixed in jsPDF.0.

Note You need to log in before you can comment on or make changes to this bug.