Heap buffer overflow in HTML5 canvas can be used to execute arbitrary code – Opera Security Advisories

Severity

High

Description

Performing some painting operations on a canvas while certain transformations are being applied in Opera may result in heap buffer overflows. In most cases Opera will just freeze or terminate, but in some cases this could lead to a crash which could be used to execute code. To inject code, additional techniques will have to be employed.

Opera’s Response

Opera Software has released Opera 10.61 where this issue has been fixed.

Credits

Thanks to Kuzzcc for reporting this issue to Opera Software.