In NTFS-3G through 2026.2.25, a heap buffer overflow exists in ntfsirto_ib() in index.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered by extending a directory, e.g., by creating a file.