Severity
High
Advisory
When SVG documents with specifically prepared clipPaths are used in Opera, Opera may allow other content to overwrite the memory, before referencing the memory, which will lead to a crash. If an attacker can control the contents being written into memory, execution of arbitrary code may occur.
Opera’s response
Opera Software has released Opera 12.13, where this issue has been fixed.
Credits
Anonymous via the iSIGHT Partners GVP Program.