CVE-2026-56136

Publication date 15 July 2026

Last updated 16 July 2026


Ubuntu priority

Description

In NTFS-3G through 2026.2.25, an out-of-bounds read exists in ntfs_ir_nill() in libntfs-3g/index.c that allows an attacker to read possibly confidential information in an ntfs-3g process by crafting a malicious NTFS image. This read operation is triggered by creation of a file with a crafted name.

Status

Package Ubuntu Release Status
ntfs-3g 26.04 LTS resolute
Fixed 1:2022.10.3-5ubuntu1.1
24.04 LTS noble
Fixed 1:2022.10.3-1.2ubuntu3.2
22.04 LTS jammy
Fixed 1:2021.8.22-3ubuntu1.4
20.04 LTS focal
Needs evaluation
18.04 LTS bionic
Needs evaluation
16.04 LTS xenial
Needs evaluation
14.04 LTS trusty
Needs evaluation

References

Related Ubuntu Security Notices (USN)

Other references


Access our resources on patching vulnerabilities