In January 2007 a flaw was found affecting the SUN JRE; "Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption."
The list of fixed products with their respective errata is here: https://access.redhat.com/security/cve/CVE-2007-0243