Advisory: A JPEG image with a malformed header can crash Opera

Summary

A JPEG image with a malformed header can crash Opera, and cause arbitrary code to be run.

Severity: Moderate

Problem description

A specially crafted DHT marker in the JPEG file header can cause a heap overflow.

The malformed image alone will only cause a crash. To exploit the flaw, the computer's memory must first be filled up with code of the attacker's choice. This is not trivial to do reliably, so attempted attacks will often cause crashes without succeeding with the exploit.

Opera's response

Opera Software has released Opera version 9.10, where this flaw has been corrected.

Credits

Thanks to iDefense Labs for notifying Opera Software about this vulnerability.

Support

• New to Opera
• Register Opera Mobile
• Tutorials
• Knowledge base
• Community
• Reporting bugs
• Premium support
• Documentation

Web analytics powered by HitsLink. Copyright Opera Software ASA. All rights reserved.

Site Index | Contact | Privacymy.opera.com | operamini.com | widgets.opera.com | dev.opera.com | jobs.opera.com | operapowered.com
jp.opera.com | ru.opera.com | pl.opera.com | de.opera.com | cn.opera.com | tw.opera.com | in.opera.com