Back to search
CVE-2011-1824
Published: May 10, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
The VEGAOpBitmap::AddLine function in Opera before 10.61 does not properly initialize memory during processing of the SIZE attribute of a SELECT element, which allows remote attackers to trigger an invalid memory write operation, and consequently cause a denial of service (application crash) or possibly execute arbitrary code, via a large integer attribute value.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.toucan-system.com/advisories/tssa-2011-02.txt
x_refsource_MISC
VU#778396
third-party-advisory
x_refsource_CERT-VN
http://www.opera.com/docs/changelogs/mac/1061/
x_refsource_MISC
opera-select-dos(67338)
vdb-entry
x_refsource_XF
47764
vdb-entry
x_refsource_BID
http://www.opera.com/docs/changelogs/windows/1061/
x_refsource_MISC
20110509 TSSA-2011-02 - Opera : SELECT SIZE Arbitrary null write
mailing-list
x_refsource_BUGTRAQ
http://www.opera.com/docs/changelogs/unix/1061/
x_refsource_MISC
8244
third-party-advisory
x_refsource_SREASON
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now