Java SE 6 Update 31 and Java SE 7 Update 3 of Oracle/Sun Java fix an unspecified vulnerability in the Java2D component (CVE-2012-0498). Upstream has CVSSv2 scored this issue as: 10/AV:N/AC:L/Au:N/C:C/I:C/A:C http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
This issue has been addressed in the following products: Extras for RHEL 4; Supplementary for Red Hat Enterprise Linux 5; Supplementary for Red Hat Enterprise Linux 6. Via RHSA-2012:0139 https://rhn.redhat.com/errata/RHSA-2012-0139.html
According to ZDI-12-060, this is an integer overflow leading to a heap-based buffer overflow issue.
Oracle Java Runtime readMabCurveData nTblSize Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-060/
This issue has been addressed in the following products: Supplementary for Red Hat Enterprise Linux 5; Supplementary for Red Hat Enterprise Linux 6. Via RHSA-2012:0508 https://rhn.redhat.com/errata/RHSA-2012-0508.html
This issue has been addressed in the following products: Supplementary for Red Hat Enterprise Linux 5; Supplementary for Red Hat Enterprise Linux 6. Via RHSA-2012:0514 https://rhn.redhat.com/errata/RHSA-2012-0514.html
(In reply to comment #2)
> According to ZDI-12-060, this is integer overflow leading to heap-based
> buffer overflow issue.
>
> Oracle Java Runtime readMabCurveData nTblSize Remote Code Execution
> Vulnerability
> http://www.zerodayinitiative.com/advisories/ZDI-12-060/
Additionally, according to:
http://www.attrition.org/pipermail/vim/2012-June/002572.html
CVE-2012-0498 is also related to:
http://www.zerodayinitiative.com/advisories/ZDI-12-032/
It seems the CVE was used for multiple issues.
This issue has been addressed in the following products: Red Hat Network Satellite Server v 5.4. Via RHSA-2013:1455 https://rhn.redhat.com/errata/RHSA-2013-1455.html