An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "ntfs-3g-dev-dbgsym": "1:2015.3.14AR.1-1ubuntu0.2", "ntfs-3g": "1:2015.3.14AR.1-1ubuntu0.2", "ntfs-3g-dbg": "1:2015.3.14AR.1-1ubuntu0.2", "ntfs-3g-dev": "1:2015.3.14AR.1-1ubuntu0.2", "ntfs-3g-dbgsym": "1:2015.3.14AR.1-1ubuntu0.2", "ntfs-3g-udeb-dbgsym": "1:2015.3.14AR.1-1ubuntu0.2", "ntfs-3g-udeb": "1:2015.3.14AR.1-1ubuntu0.2" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "ntfs-3g": "1:2017.3.23-2ubuntu0.18.04.1", "ntfs-3g-dbg": "1:2017.3.23-2ubuntu0.18.04.1", "ntfs-3g-dev": "1:2017.3.23-2ubuntu0.18.04.1", "libntfs-3g88": "1:2017.3.23-2ubuntu0.18.04.1", "ntfs-3g-udeb": "1:2017.3.23-2ubuntu0.18.04.1" } ] }