A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "ntfs-3g-dev-dbgsym": "1:2013.1.13AR.1-2ubuntu2+esm4", "ntfs-3g": "1:2013.1.13AR.1-2ubuntu2+esm4", "ntfs-3g-dbg": "1:2013.1.13AR.1-2ubuntu2+esm4", "ntfs-3g-dev": "1:2013.1.13AR.1-2ubuntu2+esm4", "ntfs-3g-dbgsym": "1:2013.1.13AR.1-2ubuntu2+esm4", "ntfs-3g-udeb-dbgsym": "1:2013.1.13AR.1-2ubuntu2+esm4", "ntfs-3g-udeb": "1:2013.1.13AR.1-2ubuntu2+esm4" } ] }
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "ntfs-3g-dev-dbgsym": "1:2015.3.14AR.1-1ubuntu0.3+esm4", "ntfs-3g": "1:2015.3.14AR.1-1ubuntu0.3+esm4", "ntfs-3g-dbg": "1:2015.3.14AR.1-1ubuntu0.3+esm4", "ntfs-3g-dev": "1:2015.3.14AR.1-1ubuntu0.3+esm4", "ntfs-3g-dbgsym": "1:2015.3.14AR.1-1ubuntu0.3+esm4", "ntfs-3g-udeb-dbgsym": "1:2015.3.14AR.1-1ubuntu0.3+esm4", "ntfs-3g-udeb": "1:2015.3.14AR.1-1ubuntu0.3+esm4" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "ntfs-3g": "1:2017.3.23-2ubuntu0.18.04.5", "ntfs-3g-dbg": "1:2017.3.23-2ubuntu0.18.04.5", "ntfs-3g-dev": "1:2017.3.23-2ubuntu0.18.04.5", "libntfs-3g88": "1:2017.3.23-2ubuntu0.18.04.5", "ntfs-3g-udeb": "1:2017.3.23-2ubuntu0.18.04.5" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "ntfs-3g-dev-dbgsym": "1:2017.3.23AR.3-3ubuntu1.3", "libntfs-3g883": "1:2017.3.23AR.3-3ubuntu1.3", "ntfs-3g": "1:2017.3.23AR.3-3ubuntu1.3", "ntfs-3g-dev": "1:2017.3.23AR.3-3ubuntu1.3", "ntfs-3g-dbgsym": "1:2017.3.23AR.3-3ubuntu1.3", "libntfs-3g883-dbgsym": "1:2017.3.23AR.3-3ubuntu1.3", "ntfs-3g-udeb": "1:2017.3.23AR.3-3ubuntu1.3" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libntfs-3g89": "1:2021.8.22-3ubuntu1.2", "ntfs-3g": "1:2021.8.22-3ubuntu1.2", "ntfs-3g-dev": "1:2021.8.22-3ubuntu1.2", "ntfs-3g-dbgsym": "1:2021.8.22-3ubuntu1.2", "ntfs-3g-dev-dbgsym": "1:2021.8.22-3ubuntu1.2", "libntfs-3g89-dbgsym": "1:2021.8.22-3ubuntu1.2" } ] }