CVE-2009-1097

Name of the Vulnerable Software and Affected Versions Java SE Development Kit (JDK) and Java Runtime Environment (JRE) versions 6 Update 12 and earlier

Description The issue allows remote attackers to access files or execute arbitrary code via crafted images. Specifically, it can be triggered by a crafted PNG image that causes an integer overflow during memory allocation for display on the splash screen. Additionally, a crafted GIF image can lead to object-pointer corruption due to unspecified values used in offset calculations.

Recommendations For Java SE Development Kit (JDK) and Java Runtime Environment (JRE) versions 6 Update 12 and earlier, update to a version later than 6 Update 12 to resolve the issue.