NTFS-3G Gets a Pile of Overflows — But Ask Where You Actually Mount NTFS
Debian shipped DSA-6389-1 for ntfs-3g on 15 July, and Ubuntu followed with USN-8554-1 the next day. Between them they close a batch of nine CVEs: seven heap buffer overflows (CVE-2026-42616, 42617, 42618, 46569, 46570, 46572 and 56135) and two out-of-bounds reads (CVE-2026-46571 and 56136). The overflows can lead to arbitrary code execution; the reads can leak memory contents.






