| Package | ntfs-3g |
|---|---|
| Version | 1:2014.2.15AR.2-1+deb8u7 (jessie), 1:2016.2.22AR.1+dfsg-1+deb9u4 (stretch) |
| Related CVEs | CVE-2022-40284 |
Yuchen Zeng and Eduardo Vela discovered a buffer overflow in NTFS-3G, a read-write NTFS driver for FUSE, due to incorrect validation of some of the NTFS metadata. A local user can take advantage of this flaw for local root privilege escalation.
For Debian 8 jessie, these problems have been fixed in version 1:2014.2.15AR.2-1+deb8u7.
For Debian 9 stretch, these problems have been fixed in version 1:2016.2.22AR.1+dfsg-1+deb9u4.
We recommend that you upgrade your ntfs-3g packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.