A vulnerability in Sun JDK image parsing library allows attackers that can supply the JDK with a malformed JPEG file to trigger a buffer overflow which in turn can be used at the very least to crash the Java environment, but in more problematic cases to execute arbitrary code.

http://www.securiteam.com/securitynews/5SP0E1PNQA.html