Severity by source
Local vector because exploitation requires processing a crafted image file; no privileges needed but user must invoke ntfscat; heap corruption enables full CIA impact.
Lifecycle Timeline
2DescriptionCVE.org
In NTFS-3G through 2026.2.25, a heap buffer overflow exists in cat() in cat.c that allows an attacker to corrupt heap memory in the ntfscat binary by crafting a malicious NTFS image. The overflow is triggered by reading a file.
AnalysisAI
Heap buffer overflow in NTFS-3G's ntfscat utility (versions through 2026.2.25) enables heap memory corruption when processing a crafted malicious NTFS image, specifically in the cat() function of cat.c. The overflow is triggered passively during file read operations, requiring no complex interaction beyond ntfscat processing an attacker-supplied image. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the ntfscat binary is executed against an attacker-controlled NTFS image file, with the overflow triggered during the file-read operation inside cat(). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | No official CVSS score or vector was supplied by NVD or the vendor, so all severity metrics are inferred from the description. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious NTFS disk image containing a file whose internal structure triggers an out-of-bounds write in ntfscat's cat() function when the file is read. The image is delivered via USB drive, a downloaded archive, or a network share to a target that uses ntfscat - such as a forensic analyst, a backup recovery tool, or an automated VM disk import job. … |
| Remediation | A patch is available per the vendor advisory. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today