In NTFS-3G through 2026.2.25, a heap buffer overflow exists in ntfsindexwalk_down() in libntfs-3g/index.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered by reading crafted file metadata.