Resized canvas patterns can cause Opera to execute arbitrary code – Opera Security Advisories

Severity

 

Moderately Severe

 

Problem Description

 

HTML CANVAS elements can use scaled images as patterns. With suitable scaling manipulation of the image, a script can cause Opera to crash. This crash can sometimes cause memory corruption. To inject code, additional techniques will have to be employed.

 

Opera’s Response

 

Opera Software has released Opera 9.27 with a fix for this vulnerability.

 

Credits

 

Thanks to Michal Zalewski for reporting this issue to Opera Software.