Use of SVG clipPaths can allow execution of arbitrary code – Opera Security Advisories




When SVG documents with specifically prepared clipPaths are used in Opera, Opera may allow other content to overwrite the memory, before referencing the memory, which will lead to a crash. If an attacker can control the contents being written into memory, execution of arbitrary code may occur.


Opera’s response

Opera Software has released Opera 12.13, where this issue has been fixed.


Anonymous via the iSIGHT Partners GVP Program.