From 2f04179ad3370edbf849a8e56ce7a0725ac50a44 Mon Sep 17 00:00:00 2001 From: simon Date: Fri, 23 Jun 2006 08:32:01 +0000 Subject: Document opera -- JPEG processing integer overflow vulnerability. --- security/vuxml/vuln.xml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index b85a481392a4..b2696c9bbdd5 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,40 @@ Note: Please add new entries to the beginning of this file. --> + + opera -- JPEG processing integer overflow vulnerability + + + linux-opera + opera-devel + opera + 9.0 + + + + +

A VigilantMinds Advisory reports:

+
If excessively large height and width values are + specified in certain fields of a JPEG file, an integer + overflow may cause Opera to allocate insufficient memory + for the image. This will lead to a buffer overflow when + the image is loaded into memory, which can be exploited to + execute arbitrary code.
+

+ + + + 18594 + http://marc.theaimsgroup.com/?l=bugtraq&m=115100029717146 + http://secunia.com/advisories/20787/ + + + 2006-06-22 + 2006-06-23 + + + horde -- multiple parameter cross site scripting vulnerabilities -- cgit