Specially crafted SVG images can allow execution of arbitrary code – Opera Security Advisories

Severity

Critical

Description

Opera can display images created using the Scalable Vector Graphics (SVG) format. Specially crafted and malformed SVG images may cause Opera to crash when their documents are unloaded, and the crash may allow execution of malicious arbitrary code. To inject code, additional techniques will have to be employed.

Opera’s Response

Opera Software has released Opera 12.10, where this issue has been fixed.

Credits

Thanks to Attila Suszter for reporting this issue to Opera Software