Description
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.
Remediation
References
https://access.redhat.com/errata/RHSA-2018:2669
https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932%40%3Cdev.tika.apache.org%3E
Related Vulnerabilities
CVE-2018-16487 Vulnerability in maven package org.webjars.bowergithub.lodash:lodash
CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-flink-table
CVE-2021-46708 Vulnerability in maven package org.webjars.npm:swagger-ui
CVE-2021-29446 Vulnerability in npm package jose-node-cjs-runtime
CVE-2023-46122 Vulnerability in maven package org.scala-sbt:sbt