| Package | ntfs-3g |
|---|---|
| Version | 1:2016.2.22AR.1+dfsg-1+deb9u6 (stretch), 1:2017.3.23AR.3-4+deb11u4~deb10u2 (buster) |
| Related CVEs | CVE-2026-40706 |
Andrea Bocchetti discovered a heap-based buffer overflow in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of this flaw for local root privilege escalation.
For Debian 10 buster, these problems have been fixed in version 1:2017.3.23AR.3-4+deb11u4~deb10u2.
For Debian 9 stretch, these problems have been fixed in version 1:2016.2.22AR.1+dfsg-1+deb9u6.
We recommend that you upgrade your ntfs-3g packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.