In NTFS-3G through 2026.2.25, a heap-based buffer overflow exists in the function buildinheritedid() in libntfs-3g/security.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered by creating a file in a crafted directory.