Resized canvas patterns can cause Opera to execute arbitrary code – Opera Security Advisories



Moderately Severe


Problem Description


HTML CANVAS elements can use scaled images as patterns. With suitable scaling manipulation of the image, a script can cause Opera to crash. This crash can sometimes cause memory corruption. To inject code, additional techniques will have to be employed.


Opera’s Response


Opera Software has released Opera 9.27 with a fix for this vulnerability.




Thanks to Michal Zalewski for reporting this issue to Opera Software.