Candidate: CVE-2021-33289
PublicDate: 2021-09-07 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33289
 https://www.openwall.com/lists/oss-security/2021/08/30/1
 https://ubuntu.com/security/notices/USN-5060-1
 https://ubuntu.com/security/notices/USN-5060-2
Description:
 In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is
 supplied in an NTFS image a heap buffer overflow can occur and allow for
 code execution.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_ntfs-3g:
upstream_ntfs-3g: needs-triage
trusty_ntfs-3g: ignored (out of standard support)
trusty/esm_ntfs-3g: released (1:2013.1.13AR.1-2ubuntu2+esm1)
xenial_ntfs-3g: ignored (out of standard support)
esm-infra/xenial_ntfs-3g: released (1:2015.3.14AR.1-1ubuntu0.3+esm1)
bionic_ntfs-3g: released (1:2017.3.23-2ubuntu0.18.04.3)
focal_ntfs-3g: released (1:2017.3.23AR.3-3ubuntu1.1)
hirsute_ntfs-3g: released (1:2017.3.23AR.3-3ubuntu4.1)
impish_ntfs-3g: released (1:2017.3.23AR.3-3ubuntu5)
jammy_ntfs-3g: released (1:2017.3.23AR.3-3ubuntu5)
devel_ntfs-3g: released (1:2017.3.23AR.3-3ubuntu5)