Mageia 9 ntfs-3g Important Heap Overflow Fix MGASA-2026-0118
mageia
May 7, 2026
MGASA-2026-0118 - Updated ntfs-3g packages fix security vulnerability
Summary
Description:
In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in
ntfs_build_permissions_posix() in acls.c that allows an attacker to
corrupt heap memory in the SUID-root ntfs-3g binary by crafting a
malicious NTFS image. The overflow is triggered on the READ path (stat,
readdir, open) when processing a security descriptor with multiple
ACCESS_DENIED ACEs containing WRITE_OWNER from distinct group SIDs.
(CVE-2026-40706)
References
- https://bugs.mageia.org/show_bug.cgi?id=35412
- https://www.openwall.com/lists/oss-security/2026/04/21/4
- https://lists.debian.org/debian-security-announce/2026/msg00131.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40706
Topics Covered
Resolution
SRPMS
- 9/core/ntfs-3g-2022.10.3-1.2.mga9
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Publication date: 07 May 2026
URL: https://advisories.mageia.org/MGASA-2026-0118.html
Type: security
CVE: CVE-2026-40706
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!