Severity by source
Local vector because attacker supplies the disk image; PR:L because most Linux distros permit unprivileged FUSE mounts; S:C because SUID-root escalates impact beyond the user context.
Lifecycle Timeline
2DescriptionCVE.org
In NTFS-3G through 2026.2.25, a heap buffer overflow exists in ntfs_ib_cut_tail() in libntfs-3g/index.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered by creating a file in a crafted directory.
AnalysisAI
Heap buffer overflow in NTFS-3G through 2026.2.25 allows local privilege escalation to root via a crafted NTFS filesystem image. The overflow occurs in ntfs_ib_cut_tail() within the index management code when a file is created inside a specially constructed directory on a malicious NTFS image. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The SUID-root ntfs-3g binary must be installed on the target system, which is the default on Ubuntu and most major Linux distributions. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The real-world risk is meaningful but bounded by the local attack vector. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with a local unprivileged shell account crafts a malicious NTFS image containing a specially structured directory with corrupt index block metadata. The attacker mounts this image using ntfs-3g (which executes as SUID-root via FUSE) and creates a file inside the crafted directory, triggering the heap buffer overflow in ntfs_ib_cut_tail() within the root-privileged process. … |
| Remediation | The primary remediation is to upgrade ntfs-3g to a version released after 2026.2.25 once a patched release is published by the upstream project or your Linux distribution. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today