The Biosig Project Libbiosig Stack-Based Buffer Overflow Vulnerability in MFER Parsing

A stack-based buffer overflow vulnerability has been identified in The Biosig Project's libbiosig version 3.9.0 and the Master Branch (35a819fa). This vulnerability arises in the MFER (Medical waveform Format Encoding Rules) parsing functionality, where a specially crafted MFER file can lead to arbitrary code execution. The issue occurs on line 9090 of biosig.c in the current master branch, when the Tag is 64. In this scenario, the vulnerability is triggered by the 'ifread' function, which reads data into a stack-allocated buffer. The buffer overflow happens because the length of the data being read can exceed the buffer's capacity, especially when the length is encoded using multiple octets.

Impact

Exploitation of this vulnerability allows for a stack-based buffer overflow, which can lead to arbitrary code execution.

Reproduction

The vulnerability can be reproduced by using a maliciously crafted MFER file that exploits the buffer overflow condition. The file must be designed to encode a length greater than 256 bytes using multiple octets, specifically targeting the MFER Tag 64 during the parsing process.

Remediation

Users are advised to update to the patched version of libbiosig, which is available on the project's official website.