In association with heise online

24 June 2006, 09:50

Opera problems with JPEG images

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Attackers can use specially prepared JPEG images to inject arbitrary code into the Opera Web browser. This was made possible by a integer variables in the browser code for the processing of images with insufficient range.

Manipulated JPEG images that contain very large values for the height or width in certain fields of the JPEG header can cause an integer variable to overload. As a result, too little memory is allocated for the image, causing a buffer overload. heise Security's background article A heap of risk discusses an example where an integer overflow in the calculation of the image size causes a heap overflow. It explains in detail how this can be exploited by attackers to execute code included in a specially prepared image file.

Opera 8.54 and older versions are affected by this problem. In version 9.0 of the browser released on Tuesday 20th June 2006, the vendor has remedied the flaw. All Opera users should therefore immediately install this new version.

Also see:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit