CVE-2007-4944 | Vulnerability Database | Aqua Security

The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not clear memory before using it to process a new pattern, which allows remote attackers to obtain sensitive information (memory contents) via JavaScript.

Affected Software

Name	Vendor	Start Version	End Version
Opera_browser	Opera	9.0 (including)	9.0 (including)
Opera_browser	Opera	9.0-beta1 (including)	9.0-beta1 (including)
Opera_browser	Opera	9.0-beta2 (including)	9.0-beta2 (including)
Opera_browser	Opera	9.01 (including)	9.01 (including)
Opera_browser	Opera	9.02 (including)	9.02 (including)
Opera_browser	Opera	9.10 (including)	9.10 (including)
Opera_browser	Opera	9.12 (including)	9.12 (including)
Opera_browser	Opera	9.20 (including)	9.20 (including)
Opera_browser	Opera	9.20-beta1 (including)	9.20-beta1 (including)
Opera_browser	Opera	9.21 (including)	9.21 (including)

References

http://osvdb.org/45946
http://security.gentoo.org/glsa/glsa-200708-17.xml
http://www.opera.com/docs/changelogs/freebsd/922/
http://www.opera.com/docs/changelogs/linux/922/
http://www.opera.com/docs/changelogs/solaris/922/
http://www.opera.com/support/search/view/861/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-4944
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html