Headline
CVE-2019-9755: Open source NTFS-3G, Reliance Edge, TUFS, POSIX, other contributions - Tuxera
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.
Open source contributions
We believe that contributing to open source helps bring transparency to the software industry. Our engineers have contributed over the years to multiple open-source projects, for example fixing bugs, reporting vulnerabilitites, and adding new features to key storage modules of the Linux kernel – such as NTFS, XFS, HFS+, ext4, f2fs, VFS, btrfs, erofs– and other Unix utilities.