In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser. References: https://lists.apache.org/thread.html/72df7a3f0dda49a912143a1404b489837a11f374dfd1961061873a91@%3Cdev.tika.apache.org%3E
Created tika tracking bugs for this issue: Affects: fedora-all [bug 1632467]
Upstream commit: https://github.com/apache/tika/commit/62926cae31a02d4f23d21148435804b96c543cc7
Some more details can be found in: https://www.modzero.ch/modlog/archives/2018/09/20/java_bugs_with_and_without_fuzzing/index.html with test case available at: https://github.com/modzero/mod0javaFuzzingResults/blob/master/12_hang_tika_iptc.iptc
RHN Satellite 5 is shipped with an older version of tika, that is not affected by this flaw.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-8017