USN-8554-1: NTFS-3G vulnerabilities

Publication date

16 July 2026

Overview

Several security issues were fixed in NTFS-3G.


Packages

  • ntfs-3g - read/write NTFS driver for FUSE

Details

It was discovered that NTFS-3G had a heap buffer overflow when reading
certain NTFS images. A local attacker could possibly use this issue to
execute arbitrary code. (CVE-2026-42616)

It was discovered that NTFS-3G had multiple heap buffer overflows when
processing certain NTFS images. A local attacker could possibly use these
issues to execute arbitrary code. (CVE-2026-42617, CVE-2026-42618,
CVE-2026-46569, CVE-2026-46570, CVE-2026-46572, CVE-2026-56135)

It was discovered that NTFS-3G had out-of-bounds reads when processing
certain NTFS images. A local attacker could possibly use these issues to
obtain sensitive information. (

It was discovered that NTFS-3G had a heap buffer overflow when reading
certain NTFS images. A local attacker could possibly use this issue to
execute arbitrary code. (CVE-2026-42616)

It was discovered that NTFS-3G had multiple heap buffer overflows when
processing certain NTFS images. A local attacker could possibly use these
issues to execute arbitrary code. (CVE-2026-42617, CVE-2026-42618,
CVE-2026-46569, CVE-2026-46570, CVE-2026-46572, CVE-2026-56135)

It was discovered that NTFS-3G had out-of-bounds reads when processing
certain NTFS images. A local attacker could possibly use these issues to
obtain sensitive information. (CVE-2026-46571, CVE-2026-56136)


Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
26.04 LTS resolute libntfs-3g89t64 –  1:2022.10.3-5ubuntu1.1
ntfs-3g –  1:2022.10.3-5ubuntu1.1
24.04 LTS noble libntfs-3g89t64 –  1:2022.10.3-1.2ubuntu3.2
ntfs-3g –  1:2022.10.3-1.2ubuntu3.2
22.04 LTS jammy libntfs-3g89 –  1:2021.8.22-3ubuntu1.4
ntfs-3g –  1:2021.8.22-3ubuntu1.4

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›