The Biosig Project Libbiosig Stack-Based Buffer Overflow Vulnerability in MFER Parsing

A stack-based buffer overflow vulnerability has been identified in The Biosig Project's libbiosig version 3.9.0 and the Master Branch (35a819fa). This vulnerability arises in the MFER (Medical waveform Format Encoding Rules) parsing functionality, where a specially crafted MFER file can be used to execute arbitrary code. The issue occurs because the library does not properly validate the length of data being read from the file, allowing for excessive bytes to be written into a stack buffer, overwriting adjacent memory and potentially leading to code execution.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can overwrite the return address and other critical data on the stack, leading to arbitrary code execution.

Reproduction

The vulnerability can be reproduced by using a maliciously crafted MFER file that exploits the unvalidated length handling in the libbiosig library. The file should be designed to include a length value that exceeds the capacity of the stack-allocated buffer, such as by using a Tag value of 0 with a length of 89 bytes, which is interpreted as a much larger value due to an integer overflow. When this file is processed by the libbiosig library, the overflow occurs, allowing for arbitrary code execution.

Remediation

Users are advised to update to the patched version of libbiosig, which is available on the project's official website.