CVE-2018-17201 (commons_imaging)

Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.
Source: NIST
CVE-2018-17201 (commons_imaging)