2 New Opera Vulnerabilities (JPEG and SVG/JavaScript)
On 1/5/07 iDefense released two advisories for flaws in Opera. The Opera advisories are here and here.
The first iDefense advisory describes a heap overflow in the way that Opera deals with JPEGs. It appears that Opera is parsing the JPEG itself rather than relying on any external code. This issue is fixed in Opera 9.10. No CVE has been issued for this issue yet.
If I am interpreting the second one correctly, it implies that Opera is using JavaScript to render SVG images. Then the vulnerability is specifically in createSVGTransformFromMatrix(), which can allow an attacker to ultimately make a virtual function call to a user-supplied pointer. This one is also fixed in Opera 9.10. No CVE has been issued for this issue yet.
