CVE-2026-56135

Publication date 15 July 2026

Last updated 16 July 2026


Ubuntu priority

Description

In NTFS-3G through 2026.2.25, a heap-based buffer overflow exists in the function build_inherited_id() in libntfs-3g/security.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered by creating a file in a crafted directory.

Status

Package Ubuntu Release Status
ntfs-3g 26.04 LTS resolute
Fixed 1:2022.10.3-5ubuntu1.1
24.04 LTS noble
Fixed 1:2022.10.3-1.2ubuntu3.2
22.04 LTS jammy
Fixed 1:2021.8.22-3ubuntu1.4
20.04 LTS focal
Needs evaluation
18.04 LTS bionic
Needs evaluation
16.04 LTS xenial
Needs evaluation
14.04 LTS trusty
Needs evaluation

References

Related Ubuntu Security Notices (USN)

Other references


Access our resources on patching vulnerabilities