Severity by source
Local SUID binary invocable by any unprivileged user (AV:L, PR:N); single-byte heap overflow demands complex heap shaping (AC:H); SUID-root escalation changes execution scope (S:C) enabling full system compromise.
Lifecycle Timeline
1DescriptionCVE.org
In NTFS-3G through 2026.2.25, a heap buffer overflow exists in ntfs_decompress() in compress.c that allows an attacker to corrupt one byte of heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered by reading the special crafted file.
AnalysisAI
Heap buffer overflow in NTFS-3G through 2026.2.25 allows a local attacker to corrupt one byte of heap memory within the SUID-root ntfs-3g binary by supplying a specially crafted NTFS image, triggering the flaw during decompression in ntfs_decompress() in compress.c. Because the binary executes with root privileges via the SUID mechanism, successful heap exploitation could yield full local privilege escalation to root from an unprivileged account. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires local access to the target system with at least an unprivileged user account; remote exploitation is not applicable based on available data. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | No CVSS vector or EPSS score was provided in the source data, so risk signals are inferred from the description alone. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unprivileged local attacker on a Linux system with ntfs-3g installed SUID-root creates a specially crafted NTFS filesystem image with malformed compressed data designed to overflow by one byte inside ntfs_decompress(). The attacker invokes ntfs-3g - directly or via a mount operation - to process the image, triggering the overflow in the root-privileged process and corrupting a targeted heap byte to manipulate heap metadata or an adjacent object. … |
| Remediation | Patch available per vendor advisory - upgrade ntfs-3g to a version beyond 2026.2.25 using your distribution's package manager. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today