Heap buffer overflow in string to number conversion – Opera Security Advisories


Passing very long strings through the string to number conversion using JavaScript in Opera may result in heap buffer overflows. This also affects the dtoa routine, and was reported in CVE-2009-0689. In most cases Opera will just freeze or terminate, but in some cases this could lead to a crash which could be used to execute code. To inject code, additional techniques will have to be employed.


Extremely severe

Opera’s Response

Opera Software has released Opera 10.10 where this issue has been fixed.