Description
Certain input files could make the code to enter into an infinite loop when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.
Remediation
References
https://lists.apache.org/thread.html/69204376d12205b0d2d90e6fcbeebb99b894e6db88c8ff565c4e1efa%40%3Cdev.commons.apache.org%3E
Related Vulnerabilities
CVE-2018-8036 Vulnerability in maven package org.apache.pdfbox:fontbox
CVE-2019-0205 Vulnerability in npm package thrift
CVE-2019-0205 Vulnerability in maven package org.webjars.npm:thrift
CVE-2018-1999044 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2017-6056 Vulnerability in maven package org.apache.tomcat:tomcat-coyote