Certain input files could make the code to enter into an infinite loop when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.
[
{
"product": "Apache Commons Imaging",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Apache Sanselan 0.97-incubator"
}
]
}
]