Advisory: Resized canvas patterns can cause Opera to execute arbitrary code
Severity
Moderately Severe
Problem Description
HTML CANVAS elements can use scaled images as patterns. With suitable scaling manipulation of the image, a script can cause Opera to crash. This crash can sometimes cause memory corruption. To inject code, additional techniques will have to be employed.
Opera's Response
Opera Software has released Opera 9.27 with a fix for this vulnerability.
Credits
Thanks to Michal Zalewski for reporting this issue to Opera Software.
Browse through articles in the same categories:
advisory
Search our knowledge base: