Severity by source
Requires local mounting of a crafted image and user-initiated readlink; impact is limited to low-severity memory read within ntfs-3g process with no integrity or availability effect.
Lifecycle Timeline
2DescriptionCVE.org
In NTFS-3G through 2026.2.25, a out-of-bounds read exists in ntfs_fix_file_name() in libntfs-3g/reparse.c that allows an attacker to read possibly confidential information in ntfs-3g process memory by crafting a malicious NTFS image. The out-of-bounds read is triggered by a readlink on a corrupted file.
AnalysisAI
Out-of-bounds memory read in NTFS-3G through 2026.2.25 exposes ntfs-3g process memory contents when a victim mounts a crafted NTFS filesystem image and invokes readlink on a corrupted reparse point file. The defect resides in ntfs_fix_file_name() within libntfs-3g/reparse.c and can disclose potentially confidential in-process data - such as recently processed file paths or runtime buffers - to the attacker who supplied the malicious image. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the attacker's malicious NTFS filesystem image be mounted by an ntfs-3g instance on the target system - the attacker cannot trigger this remotely without the victim first performing or initiating a mount. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | No CVSS vector or EPSS score was provided with this CVE, requiring all metric judgements to be independently assessed from the description. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious NTFS disk image containing a reparse point file with corrupted metadata designed to trigger the boundary violation in ntfs_fix_file_name(), then delivers it to a target system - for example, via USB, a downloaded archive, or a shared network path. When the victim mounts the image using ntfs-3g and the operating system or a user application calls readlink on the corrupted file, the out-of-bounds read occurs within the ntfs-3g process, potentially leaking in-memory data such as file path buffers or adjacent heap contents back to the attacker. … |
| Remediation | Apply the vendor-released patch documented in Ubuntu Security Notice USN-8554-1 (https://ubuntu.com/security/notices/USN-8554-1); Ubuntu users should update the ntfs-3g package via apt. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today