Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers a large number of calculations and checks.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Opera_browser | Opera | 9.0 (including) | 9.0 (including) |
| Opera_browser | Opera | 9.0-beta1 (including) | 9.0-beta1 (including) |
| Opera_browser | Opera | 9.0-beta2 (including) | 9.0-beta2 (including) |
| Opera_browser | Opera | 9.01 (including) | 9.01 (including) |
| Opera_browser | Opera | 9.02 (including) | 9.02 (including) |
| Opera_browser | Opera | 9.10 (including) | 9.10 (including) |
| Opera_browser | Opera | 9.12 (including) | 9.12 (including) |
| Opera_browser | Opera | 9.20 (including) | 9.20 (including) |
| Opera_browser | Opera | 9.20-beta1 (including) | 9.20-beta1 (including) |
| Opera_browser | Opera | 9.21 (including) | 9.21 (including) |
| Opera_browser | Opera | 9.22 (including) | 9.22 (including) |
| Opera_browser | Opera | 9.23 (including) | 9.23 (including) |
| Opera_browser | Opera | 9.24 (including) | 9.24 (including) |
| Opera_browser | Opera | 9.50-beta1 (including) | 9.50-beta1 (including) |
| Opera | Ubuntu | edgy | * |
| Opera | Ubuntu | feisty | * |
| Opera | Ubuntu | upstream | * |
References
- http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html
- http://secunia.com/advisories/28314
- http://securityreason.com/securityalert/3482
- http://www.securityfocus.com/archive/1/484605/100/200/threaded
- http://www.securityfocus.com/bid/26721
- http://www.vupen.com/english/advisories/2007/4261
- http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html
- http://secunia.com/advisories/28314
- http://securityreason.com/securityalert/3482
- http://www.securityfocus.com/archive/1/484605/100/200/threaded
- http://www.securityfocus.com/bid/26721
- http://www.vupen.com/english/advisories/2007/4261