DEBIAN-CVE-2019-9755

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/DEBIAN-CVE-2019-9755
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2019-9755.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2019-9755
Upstream
Published
2019-06-05T15:29:03Z
Modified
2025-09-25T02:06:26.597865Z
Summary
[none]
Details

An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.

References

Affected packages

Debian:11 / ntfs-3g

Package

Name
ntfs-3g
Purl
pkg:deb/debian/ntfs-3g?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2017.3.23AR.3-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / ntfs-3g

Package

Name
ntfs-3g
Purl
pkg:deb/debian/ntfs-3g?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2017.3.23AR.3-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / ntfs-3g

Package

Name
ntfs-3g
Purl
pkg:deb/debian/ntfs-3g?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2017.3.23AR.3-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / ntfs-3g

Package

Name
ntfs-3g
Purl
pkg:deb/debian/ntfs-3g?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2017.3.23AR.3-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}