Severity by source
Local vector via SUID-root binary; low privileges since any local user invokes ntfs-3g; scope changes to root via SUID escalation path.
Lifecycle Timeline
2DescriptionCVE.org
In NTFS-3G through 2026.2.25, a heap buffer overflow exists in ntfs_ir_to_ib() in index.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered by extending a directory, e.g., by creating a file.
AnalysisAI
Heap buffer overflow in NTFS-3G through 2026.2.25 allows a local attacker to corrupt heap memory in the SUID-root ntfs-3g binary by mounting a crafted NTFS image and performing a directory-extending operation such as creating a file. Because ntfs-3g runs as root via the SUID bit on most Linux distributions, successful exploitation of the overflow in ntfs_ir_to_ib() could yield local privilege escalation to root. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a local user account on a system with ntfs-3g installed and its SUID-root bit set - the default configuration on Ubuntu and most Debian-based distributions. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The real-world priority of this vulnerability is meaningfully elevated above a typical local heap overflow by a single environmental factor: the SUID-root bit on ntfs-3g. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A local user on an Ubuntu system crafts or obtains a malicious NTFS disk image with a specially structured directory index root, mounts it using the SUID-root ntfs-3g binary (which requires no elevated privileges in default Ubuntu configurations), and then creates a file on the mounted volume. The file-creation operation forces ntfs-3g to extend the directory by calling ntfs_ir_to_ib(), triggering the heap overflow in the root-privileged process context. … |
| Remediation | Upgrade ntfs-3g to a version beyond 2026.2.25; Ubuntu users should apply the updated package per USN-8554-1 at https://ubuntu.com/security/notices/USN-8554-1 by running apt-get update followed by apt-get upgrade ntfs-3g and verifying the installed version exceeds the affected range. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today