The specific flaw exists within the AWT mlib library. The issue lies in a failure to properly validate the number of channels leading to out-of-bounds array accesses. An attacker can leverage this vulnerability to execute code under the context of the current process.
Oracle has issued an update to correct this vulnerability. More details can be found at: