The Biosig Project Libbiosig Stack-Based Buffer Overflow Vulnerability in MFER Parsing

A stack-based buffer overflow vulnerability has been identified in The Biosig Project's libbiosig version 3.9.0 and the Master Branch (35a819fa). This vulnerability arises in the MFER (Medical waveform Format Encoding Rules) parsing functionality, where a specially crafted MFER file can lead to arbitrary code execution. The issue occurs on line 8824 of biosig.c in the current master branch, specifically when the Tag is 11. The vulnerability is triggered by the unvalidated length of data being read into a stack-allocated buffer, allowing for an overflow that can be exploited to execute arbitrary code.

Impact

Exploitation of this vulnerability allows for a stack-based buffer overflow, which can lead to arbitrary code execution.

Reproduction

To reproduce this vulnerability, create a malicious MFER file that includes a frame with Tag 11 and a Data Length of more than 6 bytes. When this file is processed by libbiosig, the unvalidated length will cause a buffer overflow in a stack-allocated buffer, overwriting adjacent stack memory and potentially allowing for arbitrary code execution.

Remediation

Users are advised to update to the patched version of libbiosig, which is available on the project's official website.