user/ntfs-3g: CVE-2019-9755: integer underflow
Bugzilla ID | 145 |
Alias(es) | CVE-2019-9755 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2019-07-31 07:08:48 -0500 |
Modified | 2019-08-04 19:17:38 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-BETA3 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
URL | https://nvd.nist.gov/vuln/detail/CVE-2019-9755 |
Description
An integer underflow issue exists in ntfs-3g 2017.3.23. A local
attacker could potentially exploit this by running /bin/ntfs-3g with
specially crafted arguments from a specially crafted directory to
cause a heap buffer overflow, resulting in a crash or the ability to
execute arbitrary code. In installations where /bin/ntfs-3g is a
setuid-root binary, this could lead to a local escalation of
privileges.