{"id":"MGASA-2026-0118","summary":"Updated ntfs-3g packages fix security vulnerability","details":"In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in\nntfs_build_permissions_posix() in acls.c that allows an attacker to\ncorrupt heap memory in the SUID-root ntfs-3g binary by crafting a\nmalicious NTFS image. The overflow is triggered on the READ path (stat,\nreaddir, open) when processing a security descriptor with multiple\nACCESS_DENIED ACEs containing WRITE_OWNER from distinct group SIDs.\n(CVE-2026-40706)\n","modified":"2026-05-07T05:15:30.123205Z","published":"2026-05-07T05:06:13Z","upstream":["CVE-2026-40706"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2026-0118.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=35412"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2026/04/21/4"},{"type":"WEB","url":"https://lists.debian.org/debian-security-announce/2026/msg00131.html"}],"affected":[{"package":{"name":"ntfs-3g","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/ntfs-3g?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2022.10.3-1.2.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2026-0118.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}