The Biosig Project libbiosig Heap-Based Buffer Overflow Vulnerability in Nicolet WFT Parsing
Vulnerability
A heap-based buffer overflow vulnerability has been identified in The Biosig Project libbiosig version 3.9.2 and the Master Branch (db9a9a63). This vulnerability arises in the parsing functionality for Nicolet WFT files, a format used by Nicolet digital oscilloscopes. The issue allows for arbitrary code execution when a specially crafted .wft file is processed. The vulnerability is triggered by the 'sopen_extended' function, which fails to properly validate the length of data being copied into a fixed-size buffer, leading to a heap overflow that can be exploited to execute malicious code.
Impact
Exploitation of this vulnerability causes a heap-based buffer overflow, which can lead to arbitrary code execution. However, on some platforms, the default configuration of libbiosig has '_FORTIFY_SOURCE' enabled, which can detect the buffer overflow and terminate the program, reducing the impact to a denial-of-service.
Reproduction
The vulnerability can be reproduced by using a .wft file that is crafted to exploit the buffer overflow in the Nicolet WFT parsing. This file should be processed using the 'sopen_extended' function in libbiosig, which will trigger the vulnerability by copying unchecked data into a heap-allocated buffer.
Remediation
The vulnerability has been patched in the latest version of libbiosig. Users should update to this version. The patch involves changing the parsing logic for WFT file headers to enforce fixed sizes and offsets, preventing similar vulnerabilities in the future.
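The remediation pattern described above (header fields read at fixed offsets with fixed sizes, and every copy bounded by both the input length and the destination capacity) can be sketched as follows. This is an added example, not libbiosig's code or its patch; the layout constants, `demo_header`, `read_field` and `parse_demo_header` are hypothetical and do not reflect the real Nicolet WFT header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical layout for illustration only; NOT the real Nicolet WFT header. */
#define HDR_SIZE   64u   /* fixed total header size */
#define TITLE_OFF  16u   /* fixed offset of a text field */
#define TITLE_SIZE 32u   /* fixed on-disk size of that field */

typedef struct {
    char title[TITLE_SIZE + 1];   /* +1 so the copy is always NUL-terminated */
} demo_header;

/* Copy `size` bytes at offset `off` from buf into dst, refusing any range that
 * lies outside the input or does not fit the destination. Returns 0 on success. */
static int read_field(const uint8_t *buf, size_t buflen, size_t off,
                      size_t size, char *dst, size_t dstcap)
{
    if (off > buflen || size > buflen - off)   /* overflow-safe range check */
        return -1;
    if (size >= dstcap)                        /* must leave room for the NUL */
        return -1;
    memcpy(dst, buf + off, size);
    dst[size] = '\0';
    return 0;
}

/* Parse into a heap-allocated header; returns NULL if the input is truncated
 * or malformed. The copied size comes from the constants above, never from a
 * length value stored in the file. Caller frees the result. */
demo_header *parse_demo_header(const uint8_t *buf, size_t buflen)
{
    if (buf == NULL || buflen < HDR_SIZE)
        return NULL;
    demo_header *h = calloc(1, sizeof *h);
    if (h == NULL)
        return NULL;
    if (read_field(buf, buflen, TITLE_OFF, TITLE_SIZE,
                   h->title, sizeof h->title) != 0) {
        free(h);
        return NULL;
    }
    return h;
}
```

Because the destination capacity is passed explicitly and checked before `memcpy`, a file that is shorter than the header or a field that would not fit is rejected instead of being copied past the end of the heap allocation.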
