The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of “dataBitOffset” boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file
Go here to read the rest:
Packet Storm Advisory 2013-0819-1 – Oracle Java BytePackedRaster.verify()