CVE-2026-42616

Publication date 15 July 2026

Last updated 16 July 2026


Ubuntu priority

Description

In NTFS-3G through 2026.2.25, a heap buffer overflow exists in cat() in cat.c that allows an attacker to corrupt heap memory in the ntfscat binary by crafting a malicious NTFS image. The overflow is triggered by reading a file.

Status

Package Ubuntu Release Status
ntfs-3g 26.04 LTS resolute
Fixed 1:2022.10.3-5ubuntu1.1
24.04 LTS noble
Fixed 1:2022.10.3-1.2ubuntu3.2
22.04 LTS jammy
Fixed 1:2021.8.22-3ubuntu1.4
20.04 LTS focal
Needs evaluation
18.04 LTS bionic
Needs evaluation
16.04 LTS xenial
Needs evaluation
14.04 LTS trusty
Needs evaluation

References

Related Ubuntu Security Notices (USN)

Other references


Access our resources on patching vulnerabilities