Advisory: Resized canvas patterns can cause Opera to execute arbitrary code

Severity

Moderately Severe

Problem Description

HTML CANVAS elements can use scaled images as patterns. With suitable scaling manipulation of the image, a script can cause Opera to crash. This crash can sometimes cause memory corruption. To inject code, additional techniques will have to be employed.

Opera's Response

Opera Software has released Opera 9.27 with a fix for this vulnerability.

Credits

Thanks to Michal Zalewski for reporting this issue to Opera Software.

Support

• New to Opera
• Register Opera Mobile
• Tutorials
• Knowledge base
• Community
• Reporting bugs
• Premium support
• Documentation

Site Index | Contact | Privacy Copyright Opera Software ASA. All rights reserved.

my.opera.com | operamini.com | widgets.opera.com | dev.opera.com | jobs.opera.com | operapowered.com
jp.opera.com | ru.opera.com | pl.opera.com | de.opera.com | cn.opera.com | tw.opera.com | in.opera.com