Severity by source
Local vector because attacker supplies crafted image; SUID-root causes scope change; low privilege reflects standard local user invoking the SUID binary.
Lifecycle Timeline
2DescriptionCVE.org
In NTFS-3G through 2026.2.25, a heap buffer overflow exists in ntfs_index_walk_down() in libntfs-3g/index.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered by reading crafted file metadata.
AnalysisAI
Heap buffer overflow in NTFS-3G through 2026.2.25 allows a local attacker to corrupt heap memory in the SUID-root ntfs-3g binary by supplying a crafted NTFS filesystem image, potentially achieving privilege escalation to root. The flaw resides in the index B-tree traversal function ntfs_index_walk_down() in libntfs-3g/index.c and is triggered during parsing of crafted file metadata. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to be a local user on the affected system with the ability to invoke the ntfs-3g binary. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Real-world risk is elevated above what the absence of a CVSS score might suggest, primarily because the target binary is SUID-root, meaning successful heap corruption executes with root privileges regardless of the invoking user's privilege level. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A local user on a Linux system with NTFS-3G installed creates a specially crafted NTFS disk image with malformed index B-tree entries designed to exceed buffer bounds in ntfs_index_walk_down(). The attacker invokes the SUID-root ntfs-3g binary to mount or process the malicious image, triggering the heap buffer overflow. … |
| Remediation | Apply the vendor-released patch as documented in Ubuntu Security Notice USN-8554-1, available at https://ubuntu.com/security/notices/USN-8554-1. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today