In NTFS-3G through 2026.2.25, an out-of-bounds read exists in ntfsirnill() in libntfs-3g/index.c that allows an attacker to read possibly confidential information in an ntfs-3g process by crafting a malicious NTFS image. This read operation is triggered by creation of a file with a crafted name.