The Biosig Project Libbiosig Stack-Based Buffer Overflow Vulnerability in MFER Parsing
Vulnerability
A stack-based buffer overflow vulnerability has been identified in The Biosig Project's libbiosig version 3.9.0 and the Master Branch (35a819fa). This vulnerability arises in the MFER (Medical waveform Format Encoding Rules) parsing functionality, where a specially crafted MFER file can be used to execute arbitrary code. The issue occurs when the library processes MFER files that contain specific tags, allowing an attacker to exploit the vulnerability by providing a malicious file.
Impact
Exploitation of this vulnerability leads to a stack-based buffer overflow, allowing for arbitrary code execution.
Reproduction
The vulnerability can be reproduced by using libbiosig to parse a crafted MFER file that exploits the buffer overflow condition. This can be done by creating an MFER file that includes a length field designed to overflow the stack buffer when the file is processed by libbiosig's MFER parsing code.
Remediation
Users are advised to update to the patched version of libbiosig, which is available on the project's official website.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.