realloc_symlink in rock.c in GNU libcdio-dev before 1.0.0 allows remote attackers to cause a denial of service via a crafted iso file.