ID CVE-2006-3198
Summary Integer overflow in Opera 8.54 and earlier allows remote attackers to execute arbitrary code via a JPEG image with large height and width values, which causes less memory to be allocated than intended.
References
Vulnerable Configurations
  • cpe:2.3:a:opera_software:opera_web_browser:5.0:-:linux
    cpe:2.3:a:opera_software:opera_web_browser:5.0:-:linux
  • cpe:2.3:a:opera_software:opera_web_browser:5.0:-:mac
    cpe:2.3:a:opera_software:opera_web_browser:5.0:-:mac
  • cpe:2.3:a:opera_software:opera_web_browser:5.0.2:-:win32
    cpe:2.3:a:opera_software:opera_web_browser:5.0.2:-:win32
  • cpe:2.3:a:opera_software:opera_web_browser:5.10:-:win32
    cpe:2.3:a:opera_software:opera_web_browser:5.10:-:win32
  • cpe:2.3:a:opera_software:opera_web_browser:5.11:-:win32
    cpe:2.3:a:opera_software:opera_web_browser:5.11:-:win32
  • cpe:2.3:a:opera_software:opera_web_browser:5.12
    cpe:2.3:a:opera_software:opera_web_browser:5.12
  • cpe:2.3:a:opera_software:opera_web_browser:5.12:-:win32
    cpe:2.3:a:opera_software:opera_web_browser:5.12:-:win32
  • cpe:2.3:a:opera_software:opera_web_browser:6.0
    cpe:2.3:a:opera_software:opera_web_browser:6.0
  • cpe:2.3:a:opera_software:opera_web_browser:6.0:-:win32
    cpe:2.3:a:opera_software:opera_web_browser:6.0:-:win32
  • cpe:2.3:a:opera_software:opera_web_browser:6.0.1
    cpe:2.3:a:opera_software:opera_web_browser:6.0.1
  • cpe:2.3:a:opera_software:opera_web_browser:6.0.1:-:linux
    cpe:2.3:a:opera_software:opera_web_browser:6.0.1:-:linux
  • cpe:2.3:a:opera_software:opera_web_browser:6.0.1:-:win32
    cpe:2.3:a:opera_software:opera_web_browser:6.0.1:-:win32
  • cpe:2.3:a:opera_software:opera_web_browser:6.0.2:-:linux
    cpe:2.3:a:opera_software:opera_web_browser:6.0.2:-:linux
  • cpe:2.3:a:opera_software:opera_web_browser:6.0.2:-:win32
    cpe:2.3:a:opera_software:opera_web_browser:6.0.2:-:win32
  • cpe:2.3:a:opera_software:opera_web_browser:6.0.3:-:linux
    cpe:2.3:a:opera_software:opera_web_browser:6.0.3:-:linux
  • cpe:2.3:a:opera_software:opera_web_browser:6.0.3:-:win32
    cpe:2.3:a:opera_software:opera_web_browser:6.0.3:-:win32
  • cpe:2.3:a:opera_software:opera_web_browser:6.0.4:-:win32
    cpe:2.3:a:opera_software:opera_web_browser:6.0.4:-:win32
  • cpe:2.3:a:opera_software:opera_web_browser:6.0.5:-:win32
    cpe:2.3:a:opera_software:opera_web_browser:6.0.5:-:win32
  • cpe:2.3:a:opera_software:opera_web_browser:6.0.6
    cpe:2.3:a:opera_software:opera_web_browser:6.0.6
  • cpe:2.3:a:opera_software:opera_web_browser:6.0.6:-:win32
    cpe:2.3:a:opera_software:opera_web_browser:6.0.6:-:win32
  • cpe:2.3:a:opera_software:opera_web_browser:6.10:-:linux
    cpe:2.3:a:opera_software:opera_web_browser:6.10:-:linux
  • cpe:2.3:a:opera_software:opera_web_browser:7.0:-:win32
    cpe:2.3:a:opera_software:opera_web_browser:7.0:-:win32
  • cpe:2.3:a:opera_software:opera_web_browser:7.0.1:-:win32
    cpe:2.3:a:opera_software:opera_web_browser:7.0.1:-:win32
  • cpe:2.3:a:opera_software:opera_web_browser:7.0.2:-:win32
    cpe:2.3:a:opera_software:opera_web_browser:7.0.2:-:win32
  • cpe:2.3:a:opera_software:opera_web_browser:7.0.3:-:win32
    cpe:2.3:a:opera_software:opera_web_browser:7.0.3:-:win32
  • cpe:2.3:a:opera_software:opera_web_browser:7.0_beta1:-:win32
    cpe:2.3:a:opera_software:opera_web_browser:7.0_beta1:-:win32
  • cpe:2.3:a:opera_software:opera_web_browser:7.0_beta2:-:win32
    cpe:2.3:a:opera_software:opera_web_browser:7.0_beta2:-:win32
  • cpe:2.3:a:opera_software:opera_web_browser:7.10
    cpe:2.3:a:opera_software:opera_web_browser:7.10
  • cpe:2.3:a:opera_software:opera_web_browser:7.11
    cpe:2.3:a:opera_software:opera_web_browser:7.11
  • cpe:2.3:a:opera_software:opera_web_browser:7.11b
    cpe:2.3:a:opera_software:opera_web_browser:7.11b
  • cpe:2.3:a:opera_software:opera_web_browser:7.11j
    cpe:2.3:a:opera_software:opera_web_browser:7.11j
  • cpe:2.3:a:opera_software:opera_web_browser:7.20
    cpe:2.3:a:opera_software:opera_web_browser:7.20
  • cpe:2.3:a:opera_software:opera_web_browser:7.20_beta1_build2981
    cpe:2.3:a:opera_software:opera_web_browser:7.20_beta1_build2981
  • cpe:2.3:a:opera_software:opera_web_browser:7.21
    cpe:2.3:a:opera_software:opera_web_browser:7.21
  • cpe:2.3:a:opera_software:opera_web_browser:7.22
    cpe:2.3:a:opera_software:opera_web_browser:7.22
  • cpe:2.3:a:opera_software:opera_web_browser:7.23
    cpe:2.3:a:opera_software:opera_web_browser:7.23
  • cpe:2.3:a:opera_software:opera_web_browser:7.50
    cpe:2.3:a:opera_software:opera_web_browser:7.50
  • cpe:2.3:a:opera_software:opera_web_browser:7.51
    cpe:2.3:a:opera_software:opera_web_browser:7.51
  • cpe:2.3:a:opera_software:opera_web_browser:7.52
    cpe:2.3:a:opera_software:opera_web_browser:7.52
  • cpe:2.3:a:opera_software:opera_web_browser:7.53
    cpe:2.3:a:opera_software:opera_web_browser:7.53
  • cpe:2.3:a:opera_software:opera_web_browser:7.54
    cpe:2.3:a:opera_software:opera_web_browser:7.54
  • cpe:2.3:a:opera_software:opera_web_browser:8.0
    cpe:2.3:a:opera_software:opera_web_browser:8.0
  • cpe:2.3:a:opera_software:opera_web_browser:8.01
    cpe:2.3:a:opera_software:opera_web_browser:8.01
  • cpe:2.3:a:opera_software:opera_web_browser:8.02
    cpe:2.3:a:opera_software:opera_web_browser:8.02
  • cpe:2.3:a:opera_software:opera_web_browser:8.50
    cpe:2.3:a:opera_software:opera_web_browser:8.50
  • cpe:2.3:a:opera_software:opera_web_browser:8.51
    cpe:2.3:a:opera_software:opera_web_browser:8.51
  • cpe:2.3:a:opera_software:opera_web_browser:8.52
    cpe:2.3:a:opera_software:opera_web_browser:8.52
  • cpe:2.3:a:opera_software:opera_web_browser:8.53
    cpe:2.3:a:opera_software:opera_web_browser:8.53
  • cpe:2.3:a:opera_software:opera_web_browser:8.54
    cpe:2.3:a:opera_software:opera_web_browser:8.54
  • cpe:2.3:a:opera_software:opera_web_browser:8_beta_3
    cpe:2.3:a:opera_software:opera_web_browser:8_beta_3
CVSS
Base: 7.5 (as of 26-06-2006 - 12:45)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_0A4CD819029111DBBBF7000C6EC775D9.NASL
    description The remote host is missing an update to the system The following package is affected: linux-opera This plugin has been deprecated since the advisory has been canceled.
    last seen 2016-09-26
    modified 2015-12-02
    plugin id 21741
    published 2006-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21741
    title FreeBSD : opera -- JPEG processing integer overflow vulnerability (799) (deprecated)
  • NASL family Windows
    NASL id OPERA_900.NASL
    description The version of Opera installed on the remote host reportedly contains an issue that presents itself when the height and width parameters of a JPEG image are set excessively high, causing Opera to allocate insufficient memory for the image and crash as it tries to write to memory at the wrong location. In addition, it is reportedly affected by a flaw that may allow an attacker to display an SSL certificate from a trusted site on an untrusted one.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 21786
    published 2006-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21786
    title Opera < 9.00 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPERA-1699.NASL
    description The webbrowser Opera has been upgraded to version 9.0 to add lots of new features, and to fix the following security problem : CVE-2006-3198: An integer overflow vulnerability exists in the Opera Web Browser due to the improper handling of JPEG files. If excessively large height and width values are specified in certain fields of a JPEG file, an integer overflow may cause Opera to allocate insufficient memory for the image. This will lead to a buffer overflow when the image is loaded into memory, which can be exploited to execute arbitrary code. This updates the previous version, which had a directory conflict.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27373
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27373
    title openSUSE 10 Security Update : opera (opera-1699)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPERA-1697.NASL
    description The webbrowser Opera has been upgraded to version 9.0 to add lots of new features, and to fix the following security problem : CVE-2006-3198: An integer overflow vulnerability exists in the Opera Web Browser due to the improper handling of JPEG files. If excessively large height and width values are specified in certain fields of a JPEG file, an integer overflow may cause Opera to allocate insufficient memory for the image. This will lead to a buffer overflow when the image is loaded into memory, which can be exploited to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27372
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27372
    title openSUSE 10 Security Update : opera (opera-1697)
refmap via4
bid 18594
bugtraq 20060622 VigilantMinds Advisory: Opera JPEG Processing Integer Overflow Vulnerability (VMSA-20060621-01)
misc http://www.vigilantminds.com/advi_detail.php?id=45
sectrack 1016362
secunia
  • 20787
  • 20897
sreason 1133
suse SUSE-SA:2006:038
vupen ADV-2006-2491
xf opera-jpeg-bo(27318)
Last major update 07-03-2011 - 21:38
Published 23-06-2006 - 16:06
Last modified 18-10-2018 - 12:46
Back to Top