Vigil@nce - Opera: buffer overflow via GIF images
December 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create a specially malformed GIF image and invite
a user to view it with Opera, in order to make the user's host
execute code.
Impacted products: Opera
Severity: 2/4
Creation date: 06/12/2012
Revision date: 18/12/2012
DESCRIPTION OF THE VULNERABILITY
Opera supports GIF images.
To decode and then display an image, Opera allocates a buffer
whose size is taken from the GIF file. However, for some
inconsistent files, the required buffer size is computed
incorrectly, so loading the image leads to a buffer overflow.
An attacker can therefore create a specially malformed GIF image
and invite a user to view it with Opera, in order to make the
user's host execute code.
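The bulletin does not say which GIF fields are inconsistent. As an added illustration (not Opera's code and not part of the Vigil@nce bulletin), this C check shows one defensive pattern for this class of bug: size the buffer from the logical screen and reject a first frame that does not fit inside it. The function name, the one-byte-per-pixel sizing and the sample bytes are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed samples: 4x4 canvas; GIF_BAD places a 4x4 frame at (2,2). */
static const uint8_t GIF_OK[] = {'G','I','F','8','9','a', 4,0, 4,0, 0,0,0,
                                 0x2C, 0,0, 0,0, 4,0, 4,0, 0};
static const uint8_t GIF_BAD[] = {'G','I','F','8','9','a', 4,0, 4,0, 0,0,0,
                                  0x2C, 2,0, 2,0, 4,0, 4,0, 0};

/* GIF stores every 16-bit field little-endian. */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Returns 0 and sets *need to the canvas size (assumed one byte per pixel)
 * when the first frame is consistent with the logical screen, else -1. */
int gif_first_frame_check(const uint8_t *b, size_t len, size_t *need)
{
    if (len < 13 || (memcmp(b, "GIF87a", 6) && memcmp(b, "GIF89a", 6)))
        return -1;
    uint32_t sw = le16(b + 6), sh = le16(b + 8);
    size_t off = 13;
    if (b[10] & 0x80)                       /* skip global color table */
        off += (size_t)3 << ((b[10] & 7) + 1);
    while (off < len && b[off] == 0x21) {   /* skip extension blocks */
        off += 2;                           /* introducer + label */
        for (;;) {                          /* length-prefixed sub-blocks */
            if (off >= len) return -1;
            uint8_t n = b[off++];
            if (n == 0) break;
            if (n > len - off) return -1;
            off += n;
        }
    }
    if (off >= len || len - off < 10 || b[off] != 0x2C)
        return -1;                          /* no complete image descriptor */
    uint32_t x = le16(b + off + 1), y = le16(b + off + 3);
    uint32_t w = le16(b + off + 5), h = le16(b + off + 7);
    if (!sw || !sh || !w || !h || x + w > sw || y + h > sh)
        return -1;                          /* frame must lie inside canvas */
    *need = (size_t)sw * sh;                /* at most 65535*65535, fits 32 bits */
    return 0;
}

int main(void)
{
    size_t n = 0;
    printf("ok=%d bad=%d\n", gif_first_frame_check(GIF_OK, sizeof GIF_OK, &n),
           gif_first_frame_check(GIF_BAD, sizeof GIF_BAD, &n));
    return 0;
}
```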
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Opera-buffer-overflow-via-GIF-images-12213