Linux Distros Unpatched Vulnerability : CVE-2026-46072

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ntfs3: add buffer boundary checks to rununpack rununpack checks runbuf runlast at the top of the while loop but then reads sizesize and offsetsize bytes via...

Astra Linux - уязвимость в ntfs-3g

A properly crafted NTFS image can lead to heap exhaustion in ntfsgetattributevalue in NTFS-3G from version 2021.8.22 onwards...

OESA-2026-2104 ntfs-3g security update

NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems. Security Fixes: A heap buff...

CVE-2026-40706

In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfsbuildpermissionsposix in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path stat, readdir, open when...

ALPINE-CVE-2026-40706

In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfsbuildpermissionsposix in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path stat, readdir, open when...

RockyLinux 8 : virt:rhel and virt-devel:rhel (RLSA-2023:2757)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2757 advisory. ntfs-3g: heap-based buffer overflow in ntfsck CVE-2021-46790 QEMU: VNC: integer underflow in vncclientcuttextext leads to CPU exhaustion CVE-2022-3165...

Astra Linux - уязвимость в linux-5.10

ntfsattrfind in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service kernel oops or panic or possibly have unspecified other impact via a crafted ntfs filesystem...

CentOS 9 : libguestfs-winsupport-9.2-1.el9

The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the libguestfs-winsupport-9.2-1.el9 build changelog. - ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+5123-2. NOTE: the upstream position is...

Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...

ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate

A vulnerability was found in NTFS-3G. Incorrect validation of NTFS metadata can result in a heap-based buffer overflow when processing a crafted NTFS image file or partition...

SUSE CVE-2018-11730

The libfsntfssecuritydescriptorvaluesfree function in libfsntfssecuritydescriptorvalues.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service double-free via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub...

SUSE CVE-2018-11731

The libfsntfsmftentryreadattributes function in libfsntfsmftentry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure heap-based buffer over-read via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub...

SUSE CVE-2018-12930

ntfsendbufferasyncread in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service kernel oops or panic or possibly have unspecified other impact via a crafted ntfs filesystem...

SUSE CVE-2021-39252

A crafted NTFS image can cause an out-of-bounds read in ntfsielookup in NTFS-3G 2021.8.22...

SUSE CVE-2021-39259

A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfsinodelookupbyname, in NTFS-3G 2021.8.22...

SUSE CVE-2022-30786

A crafted NTFS image can cause a heap-based buffer overflow in ntfsnamesfullcollate in NTFS-3G through 2021.8.22...

AZL-9847 CVE-2022-30784 affecting package ntfs-3g for versions less than 2022.5.17-1

A crafted NTFS image can cause heap exhaustion in ntfsgetattributevalue in NTFS-3G through 2021.8.22...

CVE-2022-30789

A crafted NTFS image can cause a heap-based buffer overflow in ntfschecklogclientarray in NTFS-3G through 2021.8.22...

CVE-2022-30784

CVE-2022-30784 affects NTFS-3G up to and including 2021.8.22. A crafted NTFS image can cause a heap exhaustion in ntfs_get_attribute_value, with CVSSv3.1 vectors indicating LOCAL, LOW CWE, but HIGH confidentiality, integrity, and availability impact. The vulnerability is exposed via NTFS-3G’s FUS...

ntfs-3g: Out-of-bounds read in ntfs_runlists_merge_i()

The ntfs3g package is susceptible to an input validation flaw. When processing a crafted NTFS image there is an improper check which leads to an out of bounds read. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...