Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via a crafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR 6804997.
This issue has been addressed in following products: Extras for RHEL 4 Extras for Red Hat Enterprise Linux 5 Via RHSA-2009:0392 https://rhn.redhat.com/errata/RHSA-2009-0392.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2009:0377 https://rhn.redhat.com/errata/RHSA-2009-0377.html
This issue has been addressed in following products: Extras for RHEL 4 Extras for Red Hat Enterprise Linux 5 Via RHSA-2009:1038 https://rhn.redhat.com/errata/RHSA-2009-1038.html
This issue has been addressed in following products: Extras for RHEL 4 Extras for Red Hat Enterprise Linux 5 Via RHSA-2009:1198 https://rhn.redhat.com/errata/RHSA-2009-1198.html
This issue has been addressed in following products: Red Hat Network Satellite Server v 5.3 Via RHSA-2010:0043 https://rhn.redhat.com/errata/RHSA-2010-0043.html
*** Bug 490176 has been marked as a duplicate of this bug. ***
Upstream commits: PNG http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/7f4cf1eb7586 GIF http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/51f13571014c