CVE-2018-17202 (commons_imaging)

Certain input files could make the code to enter into an infinite loop when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.
Source: NIST
CVE-2018-17202 (commons_imaging)