A buffer overflow in NTFS-3g might allow local or remote attacker(s) to execute arbitrary code, or escalate privileges.
Package | sys-fs/ntfs3g on all architectures |
---|---|
Affected versions | < 2017.3.23-r3 |
Unaffected versions | >= 2017.3.23-r3 |
NTFS-3G is a stable, full-featured, read-write NTFS driver for various operating systems.
An integer underflow issue exists in NTFS-3G which may cause a heap buffer overflow with crafted input.
A remote attacker may be able to execute arbitrary code while a local attacker may be able to escalate privileges.
There is no known workaround at this time.
All NTFS-3G users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-fs/ntfs3g-2017.3.23-r3"
Release date
July 27, 2020
Latest revision
July 27, 2020: 1
Severity
high
Exploitable
remote
Bugzilla entries