CVE-2025-54489
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8970 of biosig.c on the current master branch (35a819fa), when the Tag is 63:
else if (tag==63) {
uint8_t tag2=255, len2=255;
count = 0;
while ((count<len) && !(FlagInfiniteLength && len2==0 && tag2==0)){
curPos += ifread(&tag2,1,1,hdr);
curPos += ifread(&len2,1,1,hdr);
if (VERBOSE_LEVEL==9)
fprintf(stdout,"MFER: tag=%3i chan=%2i len=%-4i tag2=%3i len2=%3i curPos=%i %li count=%4i\n",tag,chan,len,tag2,len2,curPos,iftell(hdr),(int)count);
if (FlagInfiniteLength && len2==0 && tag2==0) break;
count += (2+len2);
curPos += ifread(&buf,1,len2,hdr);
Here, the number of bytes read is not the Data Length decoded from the current frame in the file (len) but rather is a new length contained in a single octet read from the same input file (len2). Despite this, a stack-based buffer overflow condition can still occur, as the destination buffer is still buf, which has a size of only 128 bytes, while len2 can be as large as 255.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| The Biosig Project | libbiosig | 3.9.0 | affected |
| The Biosig Project | libbiosig | Master Branch (35a819fa) | affected |
Weaknesses
- CWE-121: CWE-121: Stack-based Buffer Overflow
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.