libpffitemtreecreatenode in libpffitemtree.c in libpff before experimental-20180714 allows attackers to cause a denial of service (infinite recursion) via a crafted file, related to libfdatatreegetnodevalue in libfdata_tree.c.
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20348.json"
[ { "events": [ { "introduced": "0" }, { "fixed": "20180714" } ] }, { "events": [ { "introduced": "0" }, { "fixed": "experimental-20180714" } ] } ]