Opera JPEG Processing Integer Overflow Vulnerability

2006-06-27 / 2006-06-28

Credit: VigilantMinds Advisories

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2006-3198

CWE: CWE-Other

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

Opera JPEG Processing Integer Overflow Vulnerability (VMSA-20060621-01)
Summary:
An integer overflow vulnerability exists in the Opera Web Browser due to
the improper handling of JPEG files.
Impact:
Remote Code Execution
Affected Versions:
Opera 8.54 and Earlier
Details:
If excessively large height and width values are specified in certain
fields of a JPEG file, an integer overflow may cause Opera to allocate
insufficient memory for the image. This will lead to a buffer overflow
when the image is loaded into memory, which can be exploited to execute
arbitrary code.
Recommended Actions:
It is recommended that users upgrade to Opera 9.00, which addresses this
vulnerability. Additionally, users should exercise caution while
accessing the web, and should do so from accounts with limited
privileges.
Timeline:
Reported: 4/25/2006
Fixed: 6/20/2006
Credit:
Chris Ries
References:
Opera Website: http://www.opera.com
VigilantMinds Website: http://www.vigilantminds.com

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Opera JPEG Processing Integer Overflow Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.