A buffer overflow in NTFS-3g might allow local or remote attacker(s) to execute arbitrary code, or escalate privileges.
|Package||sys-fs/ntfs3g on all architectures|
|Affected versions||< 2017.3.23-r3|
|Unaffected versions||>= 2017.3.23-r3|
NTFS-3G is a stable, full-featured, read-write NTFS driver for various operating systems.
An integer underflow issue exists in NTFS-3G which may cause a heap buffer overflow with crafted input.
A remote attacker may be able to execute arbitrary code while a local attacker may be able to escalate privileges.
There is no known workaround at this time.
All NTFS-3G users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-fs/ntfs3g-2017.3.23-r3"
July 27, 2020
July 27, 2020: 1