The Biosig Project Libbiosig Stack-Based Buffer Overflow Vulnerability in MFER Parsing

A stack-based buffer overflow vulnerability has been identified in The Biosig Project's libbiosig version 3.9.0 and the Master Branch (35a819fa). This vulnerability arises in the MFER (Medical waveform Format Encoding Rules) parsing functionality, where a specially crafted MFER file can be used to execute arbitrary code. The issue occurs when the MFER parser reads the number of channels (Tag 5) and fails to properly validate the length of the data, allowing for an overflow of a stack-allocated buffer.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, allowing for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by using a maliciously crafted MFER file that exploits the unvalidated length handling in the MFER parser of libbiosig. The file should be designed to include a length value that exceeds the capacity of the stack buffer, specifically when the Tag is 5, which corresponds to the number of channels. This can be done by encoding a length greater than 128 bytes, as the parser will incorrectly process this length and overflow the buffer on the stack.

Remediation

Users are advised to update to the patched version of libbiosig, which is available on the project's official website.