An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "binary_version": "1:2015.3.14AR.1-1ubuntu0.2", "binary_name": "ntfs-3g" }, { "binary_version": "1:2015.3.14AR.1-1ubuntu0.2", "binary_name": "ntfs-3g-dbg" }, { "binary_version": "1:2015.3.14AR.1-1ubuntu0.2", "binary_name": "ntfs-3g-dbgsym" }, { "binary_version": "1:2015.3.14AR.1-1ubuntu0.2", "binary_name": "ntfs-3g-dev" }, { "binary_version": "1:2015.3.14AR.1-1ubuntu0.2", "binary_name": "ntfs-3g-dev-dbgsym" }, { "binary_version": "1:2015.3.14AR.1-1ubuntu0.2", "binary_name": "ntfs-3g-udeb" }, { "binary_version": "1:2015.3.14AR.1-1ubuntu0.2", "binary_name": "ntfs-3g-udeb-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "binary_version": "1:2017.3.23-2ubuntu0.18.04.1", "binary_name": "libntfs-3g88" }, { "binary_version": "1:2017.3.23-2ubuntu0.18.04.1", "binary_name": "ntfs-3g" }, { "binary_version": "1:2017.3.23-2ubuntu0.18.04.1", "binary_name": "ntfs-3g-dbg" }, { "binary_version": "1:2017.3.23-2ubuntu0.18.04.1", "binary_name": "ntfs-3g-dev" }, { "binary_version": "1:2017.3.23-2ubuntu0.18.04.1", "binary_name": "ntfs-3g-udeb" } ] }