A JPEG image with a malformed header can crash Opera – Opera Security Advisories

Summary

A JPEG image with a malformed header can crash Opera, and cause arbitrary code to be run.

 

Severity

Moderate

 

Problem description

A specially crafted DHT marker in the JPEG file header can cause a heap overflow.

 

The malformed image alone will only cause a crash. To exploit the flaw, the computer’s memory must first be filled up with code of the attacker’s choice. This is not trivial to do reliably, so attempted attacks will often cause crashes without succeeding with the exploit.
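The advisory does not say which part of the DHT segment was malformed. As an added example (not Opera's code), this C parser shows the bounds checks a decoder should apply before copying Huffman table data from a DHT segment into fixed-size storage. `huff_table`, `parse_dht` and the sample byte arrays are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DHT_MAX_SYMBOLS 256 /* symbols are bytes: at most 256 per table */
typedef struct {
    uint8_t counts[16];               /* number of codes of length 1..16 */
    uint8_t symbols[DHT_MAX_SYMBOLS]; /* fixed-size destination */
    int present;
} huff_table;

/* Constructed samples: one valid table, one whose counts sum past 256,
 * one whose counts claim more symbols than the segment carries. */
static const uint8_t dht_ok[21]    = {0x00,0x15,0x00, 0x00,0x02, [19]=0x01,0x02};
static const uint8_t dht_over[21]  = {0x00,0x15,0x00, 0xFF,0xFF};
static const uint8_t dht_short[21] = {0x00,0x15,0x00, 0x00,0xC8};

/* seg: bytes after the FFC4 marker, starting at the 2-byte big-endian length.
 * tables: 8 slots indexed class*4+id. Returns tables read, or -1 if malformed. */
int parse_dht(const uint8_t *seg, size_t avail, huff_table tables[8])
{
    if (avail < 2) return -1;
    size_t len = ((size_t)seg[0] << 8) | seg[1];
    if (len < 2 || len > avail) return -1;      /* length must fit the buffer */
    size_t pos = 2;
    int n = 0;
    while (pos < len) {
        if (len - pos < 17) return -1;          /* class/id byte + 16 counts */
        uint8_t tc = seg[pos] >> 4, th = seg[pos] & 0x0F;
        if (tc > 1 || th > 3) return -1;        /* class 0..1, id 0..3 */
        const uint8_t *counts = seg + pos + 1;
        size_t total = 0;
        for (int i = 0; i < 16; i++) total += counts[i];
        pos += 17;
        if (total > DHT_MAX_SYMBOLS) return -1; /* would overrun symbols[] */
        if (total > len - pos) return -1;       /* would read past the segment */
        huff_table *t = &tables[tc * 4 + th];
        memcpy(t->counts, counts, 16);
        memcpy(t->symbols, seg + pos, total);   /* total is bounded on both sides */
        t->present = 1;
        pos += total;
        n++;
    }
    return n;
}
int main(void) {
    static huff_table t[8];
    printf("ok=%d over=%d short=%d\n", parse_dht(dht_ok, sizeof dht_ok, t),
           parse_dht(dht_over, sizeof dht_over, t), parse_dht(dht_short, sizeof dht_short, t));
    return 0;
}
```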

 

Opera’s response

Opera Software has released Opera version 9.10, where this flaw has been corrected.

 

Credits

Thanks to iDefense Labs for notifying Opera Software about this vulnerability.