The BMP image parser in Sun Java Development Kit (JDK) before
1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime
Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier,
SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and
earlier, when running on Unix/Linux systems, allows remote attackers
to cause a denial of service (JVM hang) via untrusted applets or
applications that open arbitrary local files via a crafted BMP file,
such as /dev/tty.