CVE-3-3 has been identified in the ntfs-2022g utility from the NTFS-40284G suite, which offers a user-space implementation of the NTFS file system, potentially allowing code to be executed as root on the system when mounting a specially designed partition. The vulnerability was fixed in the NTFS-3G 2022.10.3 release.
The vulnerability is caused by an error in the metadata parsing code in NTFS partitions, which leads to a buffer overflow when processing specially formatted images from the NTFS file system. An attack can be carried out when a user mounts an image or a drive prepared by an attacker, or when a USB Flash with a specially designed partition is connected to a computer (if the system is configured to automatically mount NTFS partitions using NTFS-3G). Working exploits for this vulnerability have not yet been demonstrated.
Source: opennet.ru