The Biosig Project Libbiosig Stack-Based Buffer Overflow Vulnerability in MFER Parsing

A stack-based buffer overflow vulnerability has been identified in The Biosig Project's libbiosig version 3.9.0 and the Master Branch (35a819fa). This vulnerability arises in the MFER (Medical waveform Format Encoding Rules) parsing functionality, where a specially crafted MFER file can be used to execute arbitrary code. The issue occurs when the MFER parser reads the Data Length portion of the file without proper validation, allowing attackers to overwrite stack memory and potentially execute malicious payloads.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, allowing for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by using a crafted MFER file that exploits the unvalidated length handling in the libbiosig MFER parser. The file should be designed to include a Data Length value that exceeds the buffer size, such as 89 bytes, which the library incorrectly processes as a length of 538976288 bytes. This can be achieved by manipulating the length encoding in the MFER file to trigger the overflow when the parser reaches Tag 0, 3, 4, 5, 6, 8, 11, 12, 13, 63, 64, 65, 67, 131, or 133.

Remediation

Users are advised to update to the patched version of libbiosig, which is available on the project's official website.