Navigation Bar Top Applications Support Documentation Vendors Search Index Top Top

opera -- multiple vulnerabilities

Description:

iDefense reports:

The vulnerability specifically exists due to Opera improperly processing a JPEG DHT marker. The DHT marker is used to define a Huffman Table which is used for decoding the image data. An invalid number of index bytes in the DHT marker will trigger a heap overflow with partially user controlled data.

Exploitation of this vulnerability would allow an attacker to execute arbitrary code on the affected host. The attacker would first need to construct a website containing the malicious image and trick the vulnerable user into visiting the site. This would trigger the vulnerability and allow the code to execute with the privileges of the local user.

A flaw exists within Opera's Javascript SVG implementation. When processing a createSVGTransformFromMatrix request Opera does not properly validate the type of object passed to the function. Passing an incorrect object to this function can result in it using a pointer that is user controlled when it attempts to make the virtual function call.

Exploitation of this vulnerability would allow an attacker to execute arbitrary code on the affected host. The attacker would first need to construct a website containing the malicious JavaScript and trick the vulnerable user into visiting the site. This would trigger the vulnerability and allow the code to execute with the privileges of the local user.

References:

Affects:

portaudit: opera -- multiple vulnerabilities

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Officer. Refer to "FreeBSD Security Information" for more information.


Oliver Eikemeier <eik@FreeBSD.org>