The Biosig Project Libbiosig Stack-Based Buffer Overflow Vulnerability in MFER Parsing
Vulnerability
A stack-based buffer overflow vulnerability has been identified in The Biosig Project libbiosig version 3.9.1, specifically within the MFER parsing functionality. This vulnerability allows for arbitrary code execution by exploiting how the library processes specially crafted MFER files. The issue arises when the library reads data from these files into fixed-size buffers without proper length validation, leading to memory corruption.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can be leveraged for arbitrary code execution.
Reproduction
The vulnerability can be reproduced by using a maliciously crafted MFER file that exploits the buffer overflow in libbiosig's MFER parsing code. The file must be designed to encode a length greater than what the library expects, particularly targeting Tags 3, 64, 65, 67, 131, or 133, which are known to trigger the vulnerability.
Remediation
Users are advised to update to the patched version of libbiosig, which is available on the project's official website.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.