{"id":"CVE-2018-1338","details":"A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.","aliases":["GHSA-5mf7-26mw-3rqr"],"modified":"2026-05-18T15:27:06.764183Z","published":"2018-04-25T21:29:00.343Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932%40%3Cdev.tika.apache.org%3E"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2669"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/tika","events":[{"introduced":"0"},{"fixed":"38ff2a986af24ee255f1f91d654ea402f4016696"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"1.18"}],"cpe":"cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["1.18-rc1","1.17","1.15-rc1","1.12-rc1","1.12"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1338.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}