Can an ISO file damage—or infect—the machine it's being burned on?

I'm wondering if an ISO file can do damage to the main machine while it's burning, like the zip slip vulnerability or something.

It certainly is possible that there is a vulnerability that affects the ISO file format, but if it exists it certainly hasn't been discovered. Even if it did exist, it's even more unlikely it would affect the file format while the contents of the ISO were being written to the disk.

I really want to burn an ISO to a disc, but I can’t scan the file with my Anti-Virus since the file's too big.

In my experience, most modern security software can actually scan the contents of an ISO file. If you cannot scan the contents of the ISO then I suggest using different security software. If you are using Windows 8+, you can mount the disk from within Windows, and scan the read-only contents of the disk.

If you do not trust the source of the file you should delete it immediately.


Burning an ISO to a target device alone will not expose your system to damage or infection.

Never heard of the Zip Slip Vulnerability before, but reading up on it, it describes the exploit—which has never existed in the real world beyond theoretical discovery—as follows:

Zip Slip is a form of directory traversal that can be exploited by extracting files from an archive. The premise of the directory traversal vulnerability is that an attacker can gain access to parts of the file system outside of the target folder in which they should reside.

On a basic level, it means that a malicious Zip file would need to be created to explicitly do some directory traversal into deeper parts of the system on the target machine. I would assume that such an exploit would also need admin privileges to be effective, meaning simply creating a Zip file that would target a restricted binary directory is not enough. Without admin rights, the effort would be inherently blocked.

But that is all dependent on a Zip file residing on a target system and then being executed with admin rights. Two massive “ifs” that most likely would never happen.

In the case of an ISO, all that is is a disc image—either compressed or not—that then gets written to a target device. I can’t recall any disc burning software that requires admin access, so there is one safety net. Next, even if the ISO is compressed it would only be able to really “traverse” the target volume, which in most cases is a blanked-out device. So it’s really a non-issue if you ask me.

Of course the real risk is if you boot from that burned ISO and then all of a sudden it controls your system. But your question is about the burning process—and booting from an unknown device is a well-known risk—and I cannot see burning an image to any device being a risky endeavor.
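
The Zip Slip description quoted in the answer above concerns extraction, so the defence sits in the extractor: resolve each entry's destination and refuse anything that lands outside the target folder. The following is an added example, not code from either answer; the function names and the in-memory sample archive are constructed for illustration.

```python
import io
import os
import tempfile
import zipfile


def escaping_members(zf, dest_dir):
    """Return entry names whose extraction path would land outside dest_dir."""
    root = os.path.realpath(dest_dir)
    flagged = []
    for info in zf.infolist():
        # ZIP uses '/' separators; treat '\\' the same way, as some extractors do.
        name = info.filename.replace("\\", "/")
        # join() lets an absolute entry name replace root, so it is caught too.
        target = os.path.realpath(os.path.join(root, name))
        if target != root and not target.startswith(root + os.sep):
            flagged.append(info.filename)
    return flagged


def safe_extract(zip_source, dest_dir):
    """Extract only if no entry escapes dest_dir; otherwise refuse the archive."""
    with zipfile.ZipFile(zip_source) as zf:
        flagged = escaping_members(zf, dest_dir)
        if flagged:
            raise ValueError(f"refusing archive, entries escape target: {flagged}")
        zf.extractall(dest_dir)
        return zf.namelist()


def build_sample(names):
    """Constructed sample archive, built in memory (no real payload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"sample")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    dest = tempfile.mkdtemp()
    sample = build_sample(["docs/readme.txt", "docs/../ok.txt",
                           "../../outside.txt", "/tmp/absolute.txt"])
    with zipfile.ZipFile(sample) as zf:
        print("flagged:", escaping_members(zf, dest))
```

An entry such as `docs/../ok.txt` still resolves inside the target folder and is not flagged; only the resolved location matters, not the mere presence of `..`.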