In NTFS-3G through 2026.2.25, a heap buffer overflow exists in cat() in cat.c that allows an attacker to corrupt heap memory in the ntfscat binary by crafting a malicious NTFS image. The overflow is triggered by reading a file.
{ "binaries": [ { "binary_version": "1:2017.3.23-2ubuntu0.18.04.5", "binary_name": "libntfs-3g88" }, { "binary_version": "1:2017.3.23-2ubuntu0.18.04.5", "binary_name": "ntfs-3g" } ] }
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42616.json"
{ "binaries": [ { "binary_version": "1:2017.3.23AR.3-3ubuntu1.3", "binary_name": "libntfs-3g883" }, { "binary_version": "1:2017.3.23AR.3-3ubuntu1.3", "binary_name": "ntfs-3g" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1:2021.8.22-3ubuntu1.4", "binary_name": "libntfs-3g89" }, { "binary_version": "1:2021.8.22-3ubuntu1.4", "binary_name": "ntfs-3g" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1:2022.10.3-1.2ubuntu3.2", "binary_name": "libntfs-3g89t64" }, { "binary_version": "1:2022.10.3-1.2ubuntu3.2", "binary_name": "ntfs-3g" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1:2022.10.3-5ubuntu1.1", "binary_name": "libntfs-3g89t64" }, { "binary_version": "1:2022.10.3-5ubuntu1.1", "binary_name": "ntfs-3g" } ] }
{ "binaries": [ { "binary_version": "1:2013.1.13AR.1-2ubuntu2+esm4", "binary_name": "ntfs-3g" } ] }
{ "binaries": [ { "binary_version": "1:2015.3.14AR.1-1ubuntu0.3+esm4", "binary_name": "ntfs-3g" } ] }