In NTFS-3G through 2026.2.25, a heap buffer overflow exists in ntfsibcut_tail() in libntfs-3g/index.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered by creating a file in a crafted directory.