The Biosig Project Libbiosig Stack-Based Buffer Overflow Vulnerability in MFER Parsing

A stack-based buffer overflow vulnerability has been identified in The Biosig Project's libbiosig version 3.9.0 and the Master Branch (35a819fa). This vulnerability arises in the MFER parsing functionality, where a specially crafted MFER file can be used to execute arbitrary code. The issue is triggered by the `sopen_extended` function, which processes MFER files by reading tags, data lengths, and values. The vulnerability occurs when the length of the data exceeds the expected size, allowing for a buffer overflow when the data is processed.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, which can commonly result in arbitrary code execution.

Reproduction

The vulnerability can be reproduced by using a MFER file that is crafted to include a tag 3 payload exceeding 16 bytes. When this file is processed by libbiosig, the `sopen_extended` function will read the oversized payload, causing a buffer overflow by writing a null byte beyond the allocated buffer space. This can be verified by attaching a debugger to the libbiosig application and observing the AddressSanitizer report of the stack-buffer-overflow error, which indicates that the buffer overflow condition has occurred.

Remediation

Users are advised to update to the patched version of libbiosig, which is available on the project's official website.