The Biosig Project libbiosig Stack-Based Buffer Overflow Vulnerability in MFER Parsing

A stack-based buffer overflow vulnerability has been identified in The Biosig Project's libbiosig version 3.9.0 and the Master Branch (35a819fa). This vulnerability arises in the MFER (Medical waveform Format Encoding Rules) parsing functionality, where a specially crafted MFER file can be used to execute arbitrary code. The issue occurs on line 9141 of biosig.c in the current master branch, specifically when the Tag is 67, related to 'Sample skew'. The vulnerability is triggered by an unvalidated length that allows for an overflow of a stack-allocated buffer, leading to potential exploitation.

Impact

Exploitation of this vulnerability allows for a stack-based buffer overflow, which can corrupt the stack and potentially lead to arbitrary code execution.

Reproduction

The vulnerability can be reproduced by using a maliciously crafted MFER file that exploits the unvalidated length handling in the libbiosig library. The file must be structured to include a Tag 67 with a length that exceeds the expected size, causing the library to read more data than a stack buffer can safely handle. This can be done by encoding the length in a way that libbiosig misinterprets, such as using multiple octets to specify a length greater than what the library's parsing logic can accommodate.

Remediation

Users are advised to update to the patched version of libbiosig, which is available on the project's official website.