In NTFS-3G through 2026.2.25, a out-of-bounds read exists in ntfsfixfile_name() in libntfs-3g/reparse.c that allows an attacker to read possibly confidential information in ntfs-3g process memory by crafting a malicious NTFS image. The out-of-bounds read is triggered by a readlink on a corrupted file.