37 matches found
Astra Linux – Vulnerability in ntfs-3g
A properly crafted NTFS image can lead to heap exhaustion in ntfsgetattributevalue in NTFS-3G from version 2021.8.22 onwards...
OESA-2026-2104 ntfs-3g security update
NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems. Security Fixes: A heap buff...
ALPINE-CVE-2026-40706
In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfsbuildpermissionsposix in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path stat, readdir, open when...
CVE-2026-40706
In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfsbuildpermissionsposix in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path stat, readdir, open when...
RockyLinux 8 : virt:rhel and virt-devel:rhel (RLSA-2023:2757)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2757 advisory. ntfs-3g: heap-based buffer overflow in ntfsck CVE-2021-46790 QEMU: VNC: integer underflow in vncclientcuttextext leads to CPU exhaustion CVE-2022-3165...
CentOS 9 : libguestfs-winsupport-9.2-1.el9
The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the libguestfs-winsupport-9.2-1.el9 build changelog. - ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+5123-2. NOTE: the upstream position is...
Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...
ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate
A vulnerability was found in NTFS-3G. Incorrect validation of NTFS metadata can result in a heap-based buffer overflow when processing a crafted NTFS image file or partition...
SUSE CVE-2021-39252
A crafted NTFS image can cause an out-of-bounds read in ntfsielookup in NTFS-3G 2021.8.22...
SUSE CVE-2021-39259
A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfsinodelookupbyname, in NTFS-3G 2021.8.22...
SUSE CVE-2022-30786
A crafted NTFS image can cause a heap-based buffer overflow in ntfsnamesfullcollate in NTFS-3G through 2021.8.22...
CVE-2022-30789
A crafted NTFS image can cause a heap-based buffer overflow in ntfschecklogclientarray in NTFS-3G through 2021.8.22...
CVE-2022-30784
CVE-2022-30784 affects NTFS-3G up to and including 2021.8.22. A crafted NTFS image can cause a heap exhaustion in ntfs_get_attribute_value, with CVSSv3.1 vectors indicating LOCAL, LOW CWE, but HIGH confidentiality, integrity, and availability impact. The vulnerability is exposed via NTFS-3G’s FUS...
ntfs-3g: Out-of-bounds read in ntfs_runlists_merge_i()
The ntfs3g package is susceptible to an input validation flaw. When processing a crafted NTFS image there is an improper check which leads to an out of bounds read. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
The vulnerability of the ntfs_ie_lookup function in the NTFS file system driver for the FUSE NTFS-3G module arises from the reading beyond the allowed buffer data limits. This allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the ntfsielookup function in the NTFS file system driver for the FUSE NTFS-3G module relates to reading data from beyond the allowed limits of the buffer. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause...
The vulnerability of the `ntfs_extent inode_open` function in the NTFS file system driver for the FUSE NTFS-3G module, related to pointer swapping errors, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the ntfsextent inodeopen function in the NTFS file system driver for the FUSE NTFS-3G module is related to pointer swapping errors. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause service failures through th...
The vulnerability of the `ntfsattr_pwrite` function in the NTFS file system driver for the FUSE NTFS-3G module, related to an uncontrolled recursion, allows a hacker to cause a service failure.
The vulnerability of the ntfsattrpwrite function in the NTFS file system driver for the FUSE NTFS-3G module is related to an uncontrolled recursion. Exploiting this vulnerability could allow a attacker to cause a service failure by using a specially created NTFS image...
A crafted NTFS image can trigger a heap-based buffer overflow caused by an unsanitized attribute in ntfs_get_attribute_value in NTFS-3G < 2021.8.22.
...
A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.
...
A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite) causing stack consumption in NTFS-3G < 2021.8.22.
...