Out-of-bounds memory read in NTFS-3G through 2026.2.25 exposes ntfs-3g process memory contents when a victim mounts a crafted NTFS filesystem image and invokes readlink on a corrupted reparse point file. The defect resides in ntfs_fix_file_name() within libntfs-3g/reparse.c and can disclose potentially confidential in-process data - such as recently processed file paths or runtime buffers - to the attacker who supplied the malicious image. No public exploit has been identified at time of analysis; Ubuntu has confirmed patch availability via security advisory USN-8554-1.
Heap-based buffer overflow in NTFS-3G through 2026.2.25 enables a local attacker to corrupt heap memory inside the SUID-root ntfs-3g binary, creating a local privilege escalation path to root. The flaw resides in build_inherited_id() within libntfs-3g/security.c and is triggered by creating a file inside a specially crafted directory on a malicious NTFS image supplied by the attacker. No public exploit code has been identified at time of analysis; the issue was surfaced through the Ubuntu vendor security channel.
Out-of-bounds read in NTFS-3G through version 2026.2.25 exposes ntfs-3g process memory when a maliciously crafted NTFS image is mounted and a file with a specially crafted name is created on it. The flaw in ntfs_ir_nill() within the index-handling code allows an attacker who controls the filesystem image to read data from the running ntfs-3g process that may include confidential in-memory contents. No public exploit code and no active exploitation (CISA KEV) have been identified at time of analysis; this issue was surfaced by the Ubuntu security team.
Heap buffer overflow in NTFS-3G through 2026.2.25 allows a local attacker to corrupt heap memory in the SUID-root ntfs-3g binary by supplying a crafted NTFS filesystem image, potentially achieving privilege escalation to root. The flaw resides in the index B-tree traversal function ntfs_index_walk_down() in libntfs-3g/index.c and is triggered during parsing of crafted file metadata. No public exploit code has been identified at time of analysis, but Ubuntu has issued a security advisory (USN-8554-1) and a vendor patch is available.
Heap buffer overflow in NTFS-3G through 2026.2.25 allows local privilege escalation to root via a crafted NTFS filesystem image. The overflow occurs in ntfs_ib_cut_tail() within the index management code when a file is created inside a specially constructed directory on a malicious NTFS image. Because the ntfs-3g binary runs as SUID-root, heap corruption in this process can yield code execution with root privileges. No public exploit or active exploitation (CISA KEV) has been identified at time of analysis.