Primary

Context

The Biosig Project Libbiosig Heap-Based Buffer Overflow Vulnerability in MFER Parsing

Vulnerability

A heap-based buffer overflow vulnerability has been identified in The Biosig Project's libbiosig version 3.9.0 and the Master Branch (35a819fa). This vulnerability arises in the MFER (Medical waveform Format Encoding Rules) parsing functionality, where a specially crafted MFER file can lead to arbitrary code execution. The issue is triggered when a malicious file is processed by the library.

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, which can lead to arbitrary code execution.

Reproduction

The vulnerability can be reproduced by using libbiosig to parse a crafted MFER file that exploits the buffer overflow condition. This can be done by using the 'sopen_extended' function with a file that contains the appropriate magic bytes and channel data to trigger the overflow.

Remediation

Users are advised to update to the patched version of libbiosig released on August 24, 2025.

Added: Aug 25, 2025, 2:34 PM

Updated: Aug 25, 2025, 2:34 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

8.7

remediation

0.0

relevance

0.4

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

8.7

remediation

0.0

relevance

0.4

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

The Biosig Project Libbiosig Heap-Based Buffer Overflow Vulnerability in MFER Parsing

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating