Skip to main content

NTFS-3G CVE-2026-42617

MEDIUM
2026-07-15 vendor:ubuntu
Share

Severity by source

vuln.today AI
8.8 HIGH

Local vector via SUID-root binary; low privileges since any local user invokes ntfs-3g; scope changes to root via SUID escalation path.

3.1 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Lifecycle Timeline

2
Analysis Generated
Jul 16, 2026 - 16:35 vuln.today
CVE Published
Jul 15, 2026 - 00:00 cve.org
MEDIUM

DescriptionCVE.org

In NTFS-3G through 2026.2.25, a heap buffer overflow exists in ntfs_ir_to_ib() in index.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered by extending a directory, e.g., by creating a file.

AnalysisAI

Heap buffer overflow in NTFS-3G through 2026.2.25 allows a local attacker to corrupt heap memory in the SUID-root ntfs-3g binary by mounting a crafted NTFS image and performing a directory-extending operation such as creating a file. Because ntfs-3g runs as root via the SUID bit on most Linux distributions, successful exploitation of the overflow in ntfs_ir_to_ib() could yield local privilege escalation to root. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious NTFS image with corrupted index root
Delivery
Deliver image via USB media or local file transfer
Exploit
Mount image as local user via SUID-root ntfs-3g
Execution
Create file on mounted filesystem to trigger directory extension
Persist
Trigger heap overflow in ntfs_ir_to_ib() within root-privileged process
Impact
Execute arbitrary code as root

Vulnerability AssessmentAI

Exploitation Exploitation requires a local user account on a system with ntfs-3g installed and its SUID-root bit set - the default configuration on Ubuntu and most Debian-based distributions. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The real-world priority of this vulnerability is meaningfully elevated above a typical local heap overflow by a single environmental factor: the SUID-root bit on ntfs-3g. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user on an Ubuntu system crafts or obtains a malicious NTFS disk image with a specially structured directory index root, mounts it using the SUID-root ntfs-3g binary (which requires no elevated privileges in default Ubuntu configurations), and then creates a file on the mounted volume. The file-creation operation forces ntfs-3g to extend the directory by calling ntfs_ir_to_ib(), triggering the heap overflow in the root-privileged process context. …
Remediation Upgrade ntfs-3g to a version beyond 2026.2.25; Ubuntu users should apply the updated package per USN-8554-1 at https://ubuntu.com/security/notices/USN-8554-1 by running apt-get update followed by apt-get upgrade ntfs-3g and verifying the installed version exceeds the affected range. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-42617 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy