
Yuchen Zeng

#33391 of 53,635
7.8 Total CVSS
Vulnerabilities · 1
PT-2022-5305
7.8
2022-10-26
Ntfs-3G · Ntfs-3G · CVE-2022-40284
**Name of the Vulnerable Software and Affected Versions**

NTFS-3G versions prior to 2022.10.3

**Description**

A buffer overflow was discovered in NTFS-3G. Crafted metadata in an NTFS image can trigger it, leading to code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root, and a physically proximate attacker can exploit it if NTFS-3G is configured to execute upon attachment of an external storage device. The issue stems from errors in processing metadata, which allow an attacker to execute arbitrary code.

**Recommendations**

For NTFS-3G versions prior to 2022.10.3, update to version 2022.10.3 or later to resolve the issue. As a temporary workaround, consider disabling the execution of NTFS-3G upon attachment of an external storage device and removing setuid root permissions from the ntfs-3g binary to minimize the risk of exploitation. Restrict access to the ntfs-3g utility to prevent potential attacks.