CVE-2025-11362
- Source
- https://cve.org/CVERecord?id=CVE-2025-11362
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-11362.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-11362
- Aliases
- Downstream
- Related
- Published
- 2025-10-07T05:15:33.787Z
- Modified
- 2026-03-09T23:52:32.820271Z
- Severity
-
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
- Summary
- [none]
- Details
-
Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect URL in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that triggers this condition.
- References
Affected packages
Git / github.com/bpampuch/pdfmake
Affected versions
0.*
0.0.10
0.0.11
0.0.12
0.0.13
0.0.14
0.0.5
0.0.6
0.0.7
0.0.8
0.0.9
0.1.0
0.1.1
0.1.10
0.1.11
0.1.12
0.1.13
0.1.15
0.1.17
0.1.18
0.1.2
0.1.20
0.1.22
0.1.23
0.1.24
0.1.25
0.1.26
0.1.27
0.1.28
0.1.29
0.1.3
0.1.30
0.1.31
0.1.32
0.1.33
0.1.34
0.1.35
0.1.36
0.1.37
0.1.38
0.1.39
0.1.40
0.1.6
0.1.7
0.1.8
0.3.0-beta.1
0.3.0-beta.10
0.3.0-beta.11
0.3.0-beta.12
0.3.0-beta.13
0.3.0-beta.14
0.3.0-beta.15
0.3.0-beta.16
0.3.0-beta.2
0.3.0-beta.3
0.3.0-beta.4
0.3.0-beta.5
0.3.0-beta.6
0.3.0-beta.7
0.3.0-beta.8
0.3.0-beta.9
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.3.0-beta1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.3.0-beta10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.3.0-beta11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.3.0-beta12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.3.0-beta13"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.3.0-beta14"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.3.0-beta15"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.3.0-beta16"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.3.0-beta2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.3.0-beta3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.3.0-beta4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.3.0-beta5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.3.0-beta6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.3.0-beta7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.3.0-beta8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.3.0-beta9"
}
]
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-11362.json"