The Biosig Project Libbiosig Stack-Based Buffer Overflow Vulnerability in MFER Parsing
Vulnerability
A stack-based buffer overflow vulnerability has been identified in The Biosig Project's libbiosig version 3.9.0 and the master branch (35a819fa). The flaw is in the MFER (Medical waveform Format Encoding Rules) parsing functionality, where a specially crafted MFER file can lead to arbitrary code execution. The issue occurs on line 9191 of biosig.c in the current master branch, when the Tag is 65, which corresponds to patient events. The overflow happens in a call to the 'ifread' function, which reads data into a stack-allocated buffer without proper length validation, allowing for overflow and potential exploitation.
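The length validation described above, as an added example that is not libbiosig's code or its patch: a tag/length/value reader that checks the file-supplied length against the destination size before reading. The one-byte tag and length framing, the in-memory `reader` cursor, all function names, and the 128-byte buffer size (taken from the figure given under Reproduction) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EVENT_TAG 65       /* patient-event tag named in the advisory */
#define EVENT_BUF_SIZE 128 /* assumed buffer size, taken from the 128-byte figure */

enum { TLV_OK = 0, TLV_TRUNCATED = -1, TLV_TOO_LONG = -2 };

/* Hypothetical in-memory cursor standing in for the file handle. */
struct reader { const uint8_t *data; size_t len, pos; };

/* Copy up to n bytes and return how many were available, like a short fread. */
static size_t rd(struct reader *r, void *dst, size_t n) {
    size_t avail = r->len - r->pos;
    if (n > avail) n = avail;
    memcpy(dst, r->data + r->pos, n);
    r->pos += n;
    return n;
}

/* Read one record (assumed framing: 1-byte tag, 1-byte length, value).
 * Event payloads land in the fixed-size buffer `event`. */
int read_record(struct reader *r, uint8_t event[EVENT_BUF_SIZE], size_t *event_len) {
    uint8_t hdr[2];
    if (rd(r, hdr, sizeof hdr) != sizeof hdr) return TLV_TRUNCATED;
    size_t len = hdr[1];
    if (len > r->len - r->pos) return TLV_TRUNCATED; /* length exceeds remaining input */
    if (hdr[0] != EVENT_TAG) { r->pos += len; *event_len = 0; return TLV_OK; }
    /* The check the advisory says is missing: validate the file-supplied
     * length against the destination size before reading into it. */
    if (len > EVENT_BUF_SIZE) return TLV_TOO_LONG;
    *event_len = rd(r, event, len);
    return TLV_OK;
}

int main(void) {
    uint8_t ok[2 + 4] = { EVENT_TAG, 4, 'a', 'b', 'c', 'd' }; /* constructed sample */
    uint8_t big[2 + 200] = { EVENT_TAG, 200 };                /* constructed: length 200 > 128 */
    uint8_t event[EVENT_BUF_SIZE];
    size_t n = 0;
    struct reader r1 = { ok, sizeof ok, 0 }, r2 = { big, sizeof big, 0 };
    printf("in-bounds record: %d\n", read_record(&r1, event, &n));
    printf("oversized record: %d\n", read_record(&r2, event, &n));
    return 0;
}
```

The oversized record is rejected with `TLV_TOO_LONG` before any byte of its value is copied, so the fixed buffer is never written past its end.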
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can overwrite adjacent memory on the stack, corrupting the program's execution flow. This type of memory corruption is commonly exploited to execute arbitrary code.
Reproduction
To reproduce this vulnerability, create a malicious MFER file that includes a length field greater than 128 bytes, encoded in a way that libbiosig's 'sopen_extended' function will misinterpret it as a valid length. This can be done by manipulating the file's header to include the magic bytes that signal it as an MFER file, and then crafting the data length to exceed the buffer's capacity. Once the file is prepared, it can be processed by libbiosig, triggering the buffer overflow condition.
Remediation
Users are advised to update to the patched version of libbiosig, which is available on the project's official website.
