GIF Flaw in Sun's JVM

Wow…now that I've started to look, it seems like Sun has really bad patch times. I recently came across this advisory over at the Zero Day Initiative, which is for a flaw with how Java handles malformed GIFs. It was reported 7 months ago and just released now.

Anyway, this sounds like a fairly simple/standard issue of playing with fields in the image header (in this case the width and size) and then overwriting memory to overwrite a pointer which will later get dereferenced. The fix is to get an update of the Java Runtime Environment (Java 5 update 10 for most people, but see the Sun advisory here)

This issue is assigned CVE-2007-0243