CVE-2013-1638

Opera < 12.13 - Remote Code Execution via SVG clipPaths

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-1638. PoCs published by Cons0ul.

AI-analyzed exploit summary This exploit leverages a use-after-free vulnerability in Opera's SVG handling to achieve arbitrary code execution. It uses heap spraying with ArrayBuffer objects to control memory allocation and trigger the vulnerability via clipPath manipulation.

Description

Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Cons0ul · doswindows
https://www.exploit-db.com/exploits/24448

This exploit leverages a use-after-free vulnerability in Opera's SVG handling to achieve arbitrary code execution. It uses heap spraying with ArrayBuffer objects to control memory allocation and trigger the vulnerability via clipPath manipulation.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Complex
Reliability
Racy
Target: Opera Browser (version unspecified, likely pre-2013)
No auth needed
Prerequisites: Victim must open the malicious SVG file in a vulnerable version of Opera Browser
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/unified/1213/
Vendor Advisory x_refsource_confirm
http://www.opera.com/support/kb/view/1043/
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-02/msg00038.html

Scores

EPSS 0.2542
EPSS Percentile 96.3%

Details

CWE
CWE-94
Status published
Products (6)
opera/opera_browser 12.00 (2 CPE variants)
opera/opera_browser 12.01
opera/opera_browser 12.02
opera/opera_browser 12.10 (2 CPE variants)
opera/opera_browser 12.11
opera/opera_browser < 12.12
Published Feb 08, 2013
Tracked Since Feb 18, 2026