The Biosig Project Libbiosig Heap-Based Buffer Overflow Vulnerability in Nex File Parsing
Vulnerability
A heap-based buffer overflow vulnerability has been identified in The Biosig Project's libbiosig version 3.9.0 and the Master Branch (35a819fa). This vulnerability arises in the Nex file parsing functionality, where a specially crafted .nex file can lead to arbitrary code execution. The issue is triggered by providing a malicious file that exploits the parsing process.
Impact
Exploitation of this vulnerability causes a heap-based buffer overflow, which can lead to arbitrary code execution.
Reproduction
The vulnerability can be reproduced by using the 'sopen_extended' function to parse a malicious .nex file. The file should be crafted to exploit the buffer overflow during the Nex file header processing, particularly by manipulating the event counts in a way that exceeds the allocated buffer sizes.
Remediation
Users are advised to update to the patched version of libbiosig released on August 24, 2025.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.