A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.
{ "cpe": "cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "0" }, { "fixed": "1.18" } ], "source": "CPE_RANGE" }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1338.json"