github tuxera/ntfs-3g 2026.7.7
NTFS-3G 2026.7.7

7 hours ago

Security Release 2026.7.7 (July 15, 2026)
Download: https://tuxera.com/opensource/ntfs-3g_ntfsprogs-2026.7.7.tgz

Checksums:
SHA-256: d67b769025d32860549d35c2147e45024d172f81c540d750390ce3602c059dab
SHA-512: 5b0a866c3c556f97b1c712fd09b148ecfd194429620e1b45f0630f6b4dee6a087496ff9bbe36bfa1a3e7c58483c43d45bb1e03956e0386aebe8b66522d90cdc2

Changes:

  • (ntfscat) Fix heap memory corruption when processing a corrupt or maliciously crafted filesystem. (CVE-2026-42616)
  • Fix heap memory corruption when copying index data from root to an index block in a corrupt or maliciously crafted filesystem. (CVE-2026-42617)
  • Fix single-byte heap buffer overflow when decompressing maliciously crafted compressed file data. (CVE-2026-42618)
  • Fix heap buffer overflow when copying the tail data of an index block to a freshly allocated block. (CVE-2026-46569)
  • Fix out-of-bounds read when processing symlink reparse data in a corrupt or maliciously crafted filesystem. (CVE-2026-46571)
  • Fix heap memory corruption for maliciously crafted or corrupt index data descending to an out-of-bounds tree depth. (CVE-2026-46570)
  • Fix heap buffer overflow for maliciously crafted or corrupt index data during a node split. (CVE-2026-46572)
  • Fix heap buffer overflow when building inherited ACL data. (CVE-2026-56135)
  • Fix out of bounds access when clearing an index root in maliciously crafted or corrupt index data. (CVE-2026-56136)

We'd like to thank to Alexandro Calo' from Nozomi Networks Labs, Abhishek Kumar and Jurre van Bergen for contributing to this release with security reports.

If you have a security issue to report for ntfs-3g, then please follow the process outlined here:
https://www.tuxera.com/security-advisories/

Don't miss a new ntfs-3g release

NewReleases is sending notifications on new releases.