iDefense Security Advisory 01.05.07 - Remote exploitation of a heap overflow in Opera Software ASA's Opera Web browser could allow an attacker to execute arbitrary code in the security context of the current user. The vulnerability specifically exists due to Opera improperly processing a JPEG DHT marker. The DHT marker is used to define a Huffman Table which is used for decoding the image data. An invalid number of index bytes in the DHT marker will trigger a heap overflow with partially user controlled data. iDefense has confirmed the existence of this vulnerability in Opera version 9.02 on both Windows and Linux. Previous versions may also be affected.
6c351dd5914ce569d5878f873352109dbf8f71015507f1fc7195ecfe13fb77be