Severity
Moderately Severe
Problem Description
HTML CANVAS elements can use scaled images as patterns. With suitable scaling manipulation of the image, a script can cause Opera to crash. This crash can sometimes cause memory corruption. To inject code, additional techniques will have to be employed.
Opera’s Response
Opera Software has released Opera 9.27 with a fix for this vulnerability.
Credits
Thanks to Michal Zalewski for reporting this issue to Opera Software.