Severity
Moderate
Description
WebP images may be used as fill patterns in a HTML5 Canvas, and the values of each pixel in the image can then be intentionally read using scripts. Specially crafted WebP images may specify the wrong size for certain parts of their data, which causes Opera to read data from the wrong positions in memory. This random data can then be used as the canvas fill pattern, and the memory values read by scripts. The memory revealed will not be fully controllable by the attacker, but may in some cases reveal sensitive information.
Opera’s Response
Opera Software has released Opera 12.10, where this issue has been fixed.
Credits
Thanks to the Google Security Group for reporting this issue to Opera Software