Oracle has not commented on claims from the trustworthy researcher that this is the heap-primarily based buffer overflow that allows distant attackers to execute arbitrary code, connected to an "invalid assignment" and https://www.darkexploits.com/product/extremely-silent-jpg-exploit-new/