In NTFS-3G 2022.10.3, a heap buffer overflow exists in ntfs_build_permissions_posix() in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path (stat, readdir, open) when processing a security descriptor with multiple ACCESS_DENIED ACEs containing WRITE_OWNER from distinct group SIDs.
1:2016.2.22AR.2-21:2017.3.23-21:2017.3.23-2ubuntu0.18.04.11:2017.3.23-2ubuntu0.18.04.21:2017.3.23-2ubuntu0.18.04.31:2017.3.23-2ubuntu0.18.04.41:2017.3.23-2ubuntu0.18.04.51:2017.3.23AR.3-3ubuntu11:2017.3.23AR.3-3ubuntu1.11:2017.3.23AR.3-3ubuntu1.21:2017.3.23AR.3-3ubuntu1.31:2021.8.22-3ubuntu1.31:2022.10.3-1.2ubuntu3.11:2022.10.3-5ubuntu0.25.10.11:2013.1.13AR.1-2ubuntu11:2013.1.13AR.1-2ubuntu21:2013.1.13AR.1-2ubuntu2+esm11:2013.1.13AR.1-2ubuntu2+esm21:2013.1.13AR.1-2ubuntu2+esm31:2013.1.13AR.1-2ubuntu2+esm41:2014.2.15AR.3-31:2015.3.14AR.1-11:2015.3.14AR.1-1build11:2015.3.14AR.1-1ubuntu0.11:2015.3.14AR.1-1ubuntu0.21:2015.3.14AR.1-1ubuntu0.31:2015.3.14AR.1-1ubuntu0.3+esm11:2015.3.14AR.1-1ubuntu0.3+esm21:2015.3.14AR.1-1ubuntu0.3+esm31:2015.3.14AR.1-1ubuntu0.3+esm4