Please use properly prepared statements and parameters when working with a database.
SQL Injection was identified back in the late 90s and unfortunately it is still in the #12 vulnerability in websites.
So the first error I see is in your SQL statement
You can learn how to properly prepare statements and use parameters on Oracle's website: Using Prepared Statements (The Java™ Tutorials > JDBC(TM) Database Access > JDBC Basics)
String Query = "SELECT * FROM criminal WHERE CriminalID = '"+CrimiID+"'";
should be replaced with
String Query = "SELECT * FROM criminal WHERE CriminalID = ?";
Normally I would give the full code, but I am not on my development machine with it handy. I have used code similar to this Stack Overflow solution:
java - Display blob image from database into jlabel - Stack Overflow