VDB
ALPINE-CVE-2019-9755
ALPINE-CVE-2019-9755
PUBLISHED
CVSS 7 HIGH
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.
Risk Scores
CVSS 3.1
7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.9 | ntfs-3g | 2011.4.12-r0, 0, 2017.3.23-r1 |
| Alpine:v3.16 | ntfs-3g | 2010.8.8-r0, 0, 2017.3.23-r1 |
| Alpine:v3.24 | ntfs-3g | 0 |
| Alpine:v3.15 | ntfs-3g | 0, 2009.11.14-r0, 2009.4.4-r0 |
| Alpine:v3.17 | ntfs-3g | 0, 2017.3.23-r1, 2017.3.23-r0 |
| Alpine:v3.22 | ntfs-3g | 2011.4.12-r0, 0, 2017.3.23-r1 |
| Alpine:v3.19 | ntfs-3g | 0, 2017.3.23-r1, 2009.11.14-r0 |
| Alpine:v3.23 | ntfs-3g | 2009.4.4-r0, 2009.11.14-r0, 0 |
| Alpine:v3.10 | ntfs-3g | 2011.4.12-r0, 0, 2017.3.23-r1 |
| Alpine:v3.11 | ntfs-3g | 2010.3.6-r1, 2010.3.6-r0, 0 |
| Alpine:v3.20 | ntfs-3g | 0, 0, 2009.11.14-r0 |
| Alpine:v3.12 | ntfs-3g | 0, 2017.3.23-r1, 2017.3.23-r0 |
| Alpine:v3.21 | ntfs-3g | 2010.8.8-r0, 0, 2017.3.23-r1 |
| Alpine:v3.14 | ntfs-3g | 0, 2009.11.14-r0, 2009.4.4-r0 |
| Alpine:v3.18 | ntfs-3g | 2009.11.14-r0, 2010.10.2-r0, 2010.3.6-r0 |
| Alpine:v3.13 | ntfs-3g | 2009.4.4-r0, 2009.4.4-r0, 2010.10.2-r0 |
| Alpine:v3.8 | ntfs-3g | 0, 2017.3.23-r1, 2017.3.23-r0 |
Timeline
- Jun 5, 2019 CVE Published
- Apr 30, 2026 Distribution Patch
- Jun 9, 2026 CVE Updated