The Biosig Project Libbiosig Out-of-Bounds Read Vulnerability in ABF Parsing
Vulnerability
A vulnerability allowing out-of-bounds read has been identified in The Biosig Project's libbiosig version 3.9.2 and the Master Branch (5462afb0). This vulnerability arises in the ABF (Axon Binary File) parsing functionality, where a specially crafted .abf file can cause an information leak. The issue is triggered when a malicious file is processed by the library.
Impact
Exploitation of this vulnerability leads to an out-of-bounds read, causing a segmentation fault and potentially allowing for information leakage.
Reproduction
The vulnerability can be reproduced by using libbiosig to open a crafted ABF file that exploits the out-of-bounds read condition. This can be done by manipulating the 'nADCSamplingSeq' values in the ABF file to exceed the bounds of the 'sADCChannelName' array, which is not properly validated before being used in a 'strncpy' operation. The attached proof-of-concept file demonstrates this exploitation.
Remediation
Users are advised to update to the patched version of libbiosig, which is available on the project's official website.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.