Unrated severityNVD Advisory· Published Sep 7, 2021· Updated Dec 2, 2025

CVE-2021-39254

Description

A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.

Affected products

131

NTFS-3G/NTFS-3Gdescription
osv-coords130 versions
pkg:rpm/almalinux/hivex pkg:rpm/almalinux/hivex-devel pkg:rpm/almalinux/libguestfs pkg:rpm/almalinux/libguestfs-appliance pkg:rpm/almalinux/libguestfs-bash-completion pkg:rpm/almalinux/libguestfs-devel pkg:rpm/almalinux/libguestfs-gfs2 pkg:rpm/almalinux/libguestfs-gobject pkg:rpm/almalinux/libguestfs-gobject-devel pkg:rpm/almalinux/libguestfs-inspect-icons pkg:rpm/almalinux/libguestfs-java pkg:rpm/almalinux/libguestfs-java-devel pkg:rpm/almalinux/libguestfs-javadoc pkg:rpm/almalinux/libguestfs-man-pages-ja pkg:rpm/almalinux/libguestfs-man-pages-uk pkg:rpm/almalinux/libguestfs-rescue pkg:rpm/almalinux/libguestfs-rsync pkg:rpm/almalinux/libguestfs-tools pkg:rpm/almalinux/libguestfs-tools-c pkg:rpm/almalinux/libguestfs-winsupport pkg:rpm/almalinux/libguestfs-xfs pkg:rpm/almalinux/libiscsi pkg:rpm/almalinux/libiscsi-devel pkg:rpm/almalinux/libiscsi-utils pkg:rpm/almalinux/libnbd pkg:rpm/almalinux/libnbd-bash-completion pkg:rpm/almalinux/libnbd-devel pkg:rpm/almalinux/libtpms pkg:rpm/almalinux/libtpms-devel pkg:rpm/almalinux/libvirt pkg:rpm/almalinux/libvirt-client pkg:rpm/almalinux/libvirt-daemon pkg:rpm/almalinux/libvirt-daemon-config-network pkg:rpm/almalinux/libvirt-daemon-config-nwfilter pkg:rpm/almalinux/libvirt-daemon-driver-interface pkg:rpm/almalinux/libvirt-daemon-driver-network pkg:rpm/almalinux/libvirt-daemon-driver-nodedev pkg:rpm/almalinux/libvirt-daemon-driver-nwfilter pkg:rpm/almalinux/libvirt-daemon-driver-qemu pkg:rpm/almalinux/libvirt-daemon-driver-secret pkg:rpm/almalinux/libvirt-daemon-driver-storage pkg:rpm/almalinux/libvirt-daemon-driver-storage-core pkg:rpm/almalinux/libvirt-daemon-driver-storage-disk pkg:rpm/almalinux/libvirt-daemon-driver-storage-gluster pkg:rpm/almalinux/libvirt-daemon-driver-storage-iscsi pkg:rpm/almalinux/libvirt-daemon-driver-storage-iscsi-direct pkg:rpm/almalinux/libvirt-daemon-driver-storage-logical pkg:rpm/almalinux/libvirt-daemon-driver-storage-mpath pkg:rpm/almalinux/libvirt-daemon-driver-storage-rbd pkg:rpm/almalinux/libvirt-daemon-driver-storage-scsi pkg:rpm/almalinux/libvirt-daemon-kvm pkg:rpm/almalinux/libvirt-dbus pkg:rpm/almalinux/libvirt-devel pkg:rpm/almalinux/libvirt-docs pkg:rpm/almalinux/libvirt-libs pkg:rpm/almalinux/libvirt-lock-sanlock pkg:rpm/almalinux/libvirt-nss pkg:rpm/almalinux/libvirt-wireshark pkg:rpm/almalinux/lua-guestfs pkg:rpm/almalinux/nbdfuse pkg:rpm/almalinux/nbdkit pkg:rpm/almalinux/nbdkit-bash-completion pkg:rpm/almalinux/nbdkit-basic-filters pkg:rpm/almalinux/nbdkit-basic-plugins pkg:rpm/almalinux/nbdkit-curl-plugin pkg:rpm/almalinux/nbdkit-devel pkg:rpm/almalinux/nbdkit-example-plugins pkg:rpm/almalinux/nbdkit-gzip-filter pkg:rpm/almalinux/nbdkit-gzip-plugin pkg:rpm/almalinux/nbdkit-linuxdisk-plugin pkg:rpm/almalinux/nbdkit-nbd-plugin pkg:rpm/almalinux/nbdkit-python-plugin pkg:rpm/almalinux/nbdkit-server pkg:rpm/almalinux/nbdkit-ssh-plugin pkg:rpm/almalinux/nbdkit-tar-filter pkg:rpm/almalinux/nbdkit-tar-plugin pkg:rpm/almalinux/nbdkit-tmpdisk-plugin pkg:rpm/almalinux/nbdkit-vddk-plugin pkg:rpm/almalinux/nbdkit-xz-filter pkg:rpm/almalinux/netcf pkg:rpm/almalinux/netcf-devel pkg:rpm/almalinux/netcf-libs pkg:rpm/almalinux/ocaml-hivex pkg:rpm/almalinux/ocaml-hivex-devel pkg:rpm/almalinux/ocaml-libguestfs pkg:rpm/almalinux/ocaml-libguestfs-devel pkg:rpm/almalinux/ocaml-libnbd pkg:rpm/almalinux/ocaml-libnbd-devel pkg:rpm/almalinux/perl-hivex pkg:rpm/almalinux/perl-Sys-Guestfs pkg:rpm/almalinux/perl-Sys-Virt pkg:rpm/almalinux/python3-hivex pkg:rpm/almalinux/python3-libguestfs pkg:rpm/almalinux/python3-libnbd pkg:rpm/almalinux/python3-libvirt pkg:rpm/almalinux/qemu-guest-agent pkg:rpm/almalinux/qemu-img pkg:rpm/almalinux/qemu-kvm pkg:rpm/almalinux/qemu-kvm-block-curl pkg:rpm/almalinux/qemu-kvm-block-gluster pkg:rpm/almalinux/qemu-kvm-block-iscsi pkg:rpm/almalinux/qemu-kvm-block-rbd pkg:rpm/almalinux/qemu-kvm-block-ssh pkg:rpm/almalinux/qemu-kvm-common pkg:rpm/almalinux/qemu-kvm-core pkg:rpm/almalinux/qemu-kvm-docs pkg:rpm/almalinux/qemu-kvm-hw-usbredir pkg:rpm/almalinux/qemu-kvm-tests pkg:rpm/almalinux/qemu-kvm-ui-opengl pkg:rpm/almalinux/qemu-kvm-ui-spice pkg:rpm/almalinux/ruby-hivex pkg:rpm/almalinux/ruby-libguestfs pkg:rpm/almalinux/seabios pkg:rpm/almalinux/seabios-bin pkg:rpm/almalinux/seavgabios-bin pkg:rpm/almalinux/sgabios pkg:rpm/almalinux/sgabios-bin pkg:rpm/almalinux/SLOF pkg:rpm/almalinux/supermin pkg:rpm/almalinux/supermin-devel pkg:rpm/almalinux/swtpm pkg:rpm/almalinux/swtpm-devel pkg:rpm/almalinux/swtpm-libs pkg:rpm/almalinux/swtpm-tools pkg:rpm/almalinux/swtpm-tools-pkcs11 pkg:rpm/almalinux/virt-dib pkg:rpm/almalinux/virt-v2v pkg:rpm/almalinux/virt-v2v-bash-completion pkg:rpm/almalinux/virt-v2v-man-pages-ja pkg:rpm/almalinux/virt-v2v-man-pages-uk
< 1.3.18-23.module_el8.6.0+2880+7d9e3703+ 129 more
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 8.6-1.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.9.1-0.20211126git1ff6fe1f43.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.9.1-0.20211126git1ff6fe1f43.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.0-2.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.24.0-4.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.2.8-12.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.2.8-12.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.2.8-12.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 8.0.0-1.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1.6.0-5.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 8.0.0-1.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-23.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1.15.0-2.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.15.0-2.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.15.0-2.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:0.20170427git-3.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:0.20170427git-3.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 20210217-1.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 5.2.1-1.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 5.2.1-1.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.7.0-1.20211109gitb79fd91.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.44.0-5.module_el8.6.0+2880+7d9e3703.alma
- (no CPE)range: < 1:1.42.0-18.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.42.0-18.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.42.0-18.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1:1.42.0-18.module_el8.6.0+2880+7d9e3703

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI/mitrevendor-advisory
security.gentoo.org/glsa/202301-01mitrevendor-advisory
www.debian.org/security/2021/dsa-4971mitrevendor-advisory
lists.debian.org/debian-lts-announce/2021/11/msg00013.htmlmitremailing-list
github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jpmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000