Description of problem:
The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03, and
1.6.x before 1.6.0_01-b06, on Unix/Linux systems, allows remote attackers to
trigger the opening of arbitrary local files via a crafted BMP file, which
causes a denial of service (system hang) in certain cases such as /dev/tty, and
has other unspecified impact.