print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.
https://savannah.gnu.org/bugs/?52265
https://access.redhat.com/errata/RHSA-2018:3246