Oracle hasn't commented on statements from a reputable researcher that this is a heap-centered buffer overflow that allows distant attackers to execute arbitrary code, connected with an "invalid assignment" and inconsistent duration values in a very JPEG impression encoder (JPEGImageEncoderImpl). CVE-2010-0841 Oracle has not commented on statement