(Updated) Specially crafted JPEG images enable the execution of arbitrary code. – Opera Security Advisories

Summary

A specially crafted JPEG image can enable the execution of arbitrary code.

Severity: Critical

Affected versions: Versions prior to 9.0 of Opera for Microsoft Windows and Mac OS X.

Not affected: Opera for Linux, FreeBSD and Solaris.

Problem description

A specially crafted JPEG image header can trick Opera into allocating the wrong amount of memory for the image. This can make Opera crash, or worse, execute code that has been placed into memory in advance.
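The advisory does not describe the faulty code, so the following is an added example, not Opera's code: one way a decoder can validate the fields of a baseline JPEG frame header (SOF0) before using them to size the pixel buffer. The function name, the limits, and the choice to reject zero dimensions and anything other than 1 or 3 components are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical policy limits chosen for this example. */
#define MAX_DIM   16384u
#define MAX_BYTES ((size_t)256 * 1024 * 1024)

/* Validate a baseline SOF0 frame header (p points at the 0xFF marker byte)
 * and compute the decoded buffer size. Returns 0 on success, -1 on reject. */
int jpeg_frame_alloc_size(const uint8_t *p, size_t len, size_t *out_bytes)
{
    if (len < 10 || p[0] != 0xFF || p[1] != 0xC0)
        return -1;
    size_t seg_len = ((size_t)p[2] << 8) | p[3];   /* counts itself, not the marker */
    if (seg_len + 2 > len)
        return -1;                                 /* segment runs past the input */
    size_t height = ((size_t)p[5] << 8) | p[6];
    size_t width  = ((size_t)p[7] << 8) | p[8];
    size_t ncomp  = p[9];
    if (p[4] != 8)                                 /* sample precision in bits */
        return -1;
    if (ncomp != 1 && ncomp != 3)                  /* simplification: gray or YCbCr */
        return -1;
    if (seg_len != 8 + 3 * ncomp)                  /* length must match component count */
        return -1;
    if (width == 0 || height == 0 || width > MAX_DIM || height > MAX_DIM)
        return -1;
    size_t pixels = width * height;                /* <= 2^28 after the bound above */
    if (pixels > MAX_BYTES / ncomp)
        return -1;
    *out_bytes = pixels * ncomp;
    return 0;
}

int main(void)
{
    /* Constructed sample: SOF0 for a 640x480, 3-component image. */
    const uint8_t sof[] = { 0xFF,0xC0, 0x00,0x11, 0x08, 0x01,0xE0, 0x02,0x80, 0x03,
                            0x01,0x22,0x00, 0x02,0x11,0x01, 0x03,0x11,0x01 };
    size_t n = 0;
    if (jpeg_frame_alloc_size(sof, sizeof sof, &n) == 0)
        printf("allocate %zu bytes\n", n);
    return 0;
}
```

The decoder should allocate exactly the returned size and bound every later write by it, rather than re-deriving the size from header fields at another point in the code.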

Exploitability

The image alone cannot inject arbitrary code, and will only cause Opera to crash or malfunction. However, used in combination with other methods, it is possible to execute arbitrary code. In most cases the attempt will fail, and Opera will just crash.

Workarounds

Disabling JavaScript makes it much harder to exploit this flaw. Changing the display settings to 256 colors in Microsoft Windows will defeat the exploit completely.

Opera’s response

Opera has released Opera 9.0, which does not have this flaw.

Credits

Thanks to Chris Ries, VigilantMinds Inc., for reporting this issue.