{"id":"MGASA-2022-0001","summary":"Updated ntfs-3g packages fix security vulnerability","details":"Security vulnerabilities were identified in the open source NTFS-3G and\nNTFSPROGS software. These vulnerabilities may allow an attacker using a\nmaliciously crafted NTFS-formatted image file or external storage to\npotentially execute arbitrary privileged code, if the attacker has either\nlocal access and the ntfs-3g binary is setuid root, or if the attacker has\nphysical access to an external port to a computer which is configured to\nrun the ntfs-3g binary or one of the ntfsprogs tools when the external\nstorage is plugged into the computer. These vulnerabilities result from\nincorrect validation of some of the NTFS metadata that could potentially\ncause buffer overflows, which could be exploited by an attacker. Common\nways for attackers to gain physical access to a machine are through\nsocial engineering or an evil maid attack on an unattended computer.\n","modified":"2026-04-16T04:44:31.617933294Z","published":"2022-01-03T07:36:40Z","upstream":["CVE-2021-33285","CVE-2021-33286","CVE-2021-33287","CVE-2021-33289","CVE-2021-35266","CVE-2021-35267","CVE-2021-35268","CVE-2021-35269","CVE-2021-39251","CVE-2021-39252","CVE-2021-39253","CVE-2021-39254","CVE-2021-39255","CVE-2021-39256","CVE-2021-39257","CVE-2021-39258","CVE-2021-39259","CVE-2021-39260","CVE-2021-39261","CVE-2021-39262","CVE-2021-39263"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0001.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29428"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2021/08/30/1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5060-1"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/J6ACAL2OSY4MFKIQMETQG4T7ZJS2BVPE/"},{"type":"WEB","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/APJMFOEFTZSFEAKDMRWUM25JNERJUHUT/"},{"type":"WEB","url":"https://www.debian.org/security/2021/dsa-4971"}],"affected":[{"package":{"name":"ntfs-3g","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/ntfs-3g?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2021.8.22-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0001.json"}},{"package":{"name":"libguestfs","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/libguestfs?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.44.0-2.2.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0001.json"}},{"package":{"name":"wimlib","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/wimlib?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.13.3-1.2.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0001.json"}},{"package":{"name":"partclone","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/partclone?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.3.18-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0001.json"}},{"package":{"name":"ntfs-3g-system-compression","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/ntfs-3g-system-compression?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0-1.2.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0001.json"}},{"package":{"name":"testdisk","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/testdisk?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.1-2.2.mga8"}]}],
"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0001.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}