A NULL pointer dereference flaw was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files.
The realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ISO file.
Created libcdio tracking bugs for this issue:
Affects: fedora-all [bug 1549713]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:3246 https://access.redhat.com/errata/RHSA-2018:3246