The Biosig Project Libbiosig Stack-Based Buffer Overflow Vulnerability in MFER Parsing
Vulnerability
A stack-based buffer overflow vulnerability has been identified in The Biosig Project's libbiosig version 3.9.0 and the Master Branch (35a819fa). The vulnerability is in the MFER (Medical waveform Format Encoding Rules) parsing functionality, where a specially crafted MFER file can be used to execute arbitrary code. The issue occurs on line 9184 of biosig.c in the current master branch, specifically when the Tag is 131. The length of the data is not validated before the data is read into a stack-allocated buffer, so the read can overflow the buffer, and the overflow can be exploited to execute malicious code.
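The missing check described above, shown as an added example that is not libbiosig's code: a reader for a simplified tag/length/value frame that validates the declared length against both the remaining input and the fixed destination buffer before copying. The one-byte tag and length fields, the 4-byte destination size and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FIELD_MAX 4u /* assumed destination size, not taken from biosig.c */

enum tlv_status { TLV_OK = 0, TLV_TRUNCATED = -1, TLV_TOO_LONG = -2 };

/* Read one frame laid out as [tag:1][length:1][value:length] (simplified
 * layout assumed for this example) into a fixed-size destination. */
static int tlv_read_frame(const uint8_t *in, size_t in_len, uint8_t *tag,
                          uint8_t out[FIELD_MAX], size_t *out_len)
{
    if (in_len < 2)
        return TLV_TRUNCATED;      /* header incomplete */

    size_t len = in[1];            /* declared length comes from the file */

    if (len > in_len - 2)
        return TLV_TRUNCATED;      /* declares more bytes than the input holds */
    if (len > FIELD_MAX)
        return TLV_TOO_LONG;       /* would not fit the destination buffer */

    *tag = in[0];
    memcpy(out, in + 2, len);      /* bounded by both checks above */
    *out_len = len;
    return TLV_OK;
}

/* Build a constructed Tag 131 frame with the given declared length and
 * return the parser's verdict (hypothetical helper for the example). */
static int status_for_tag131(uint8_t declared_len)
{
    uint8_t frame[2 + 255] = { 131, declared_len };
    uint8_t tag = 0, value[FIELD_MAX] = { 0 };  /* stack buffer, as in the report */
    size_t value_len = 0;

    return tlv_read_frame(frame, 2u + declared_len, &tag, value, &value_len);
}
```

A frame that declares 7 bytes is rejected with `TLV_TOO_LONG` instead of being copied into the smaller buffer, and a frame that declares more data than the file contains is rejected with `TLV_TRUNCATED`.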
Impact
Exploitation of this vulnerability leads to a stack-based buffer overflow, allowing for arbitrary code execution.
Reproduction
To reproduce this vulnerability, create a malicious MFER file that includes a frame with Tag 131 and a Data Length of 7 bytes. The file should be crafted to exploit the unvalidated length handling in the libbiosig library, specifically in the 'sopen_extended' function. Once the file is prepared, it can be used to trigger the vulnerability by loading it with an application that uses the libbiosig library, such as Octave or Matlab.
Remediation
Users are advised to update to the patched version of libbiosig, which is available on the project's official website.
