An integer overflow, leading to heap-based buffer overflow flaw was found in the way FuseISO, a FUSE module to mount ISO filesystem images, performed reading of certain ZF blocks of particular inode. A remote attacker could provide a specially-crafted ISO file that, when mounted via fuseiso tool would lead to fuseiso binary crash.
This issue was discovered by Florian Weimer of Red Hat Product Security Team.
This issue affects the versions of the fuseiso package, as shipped with Fedora release of 16 and 17.
Debian bug #779047 brought me here: is there a PoC ISO file that causes this issue to happen?