The Biosig Project libbiosig Intan CLP Parsing Heap-Based Buffer Overflow Vulnerability
Vulnerability
A heap-based buffer overflow vulnerability has been identified in The Biosig Project libbiosig version 3.9.2 and the Master Branch (db9a9a63). This vulnerability arises in the Intan CLP parsing functionality, where a specially crafted Intan CLP file can lead to arbitrary code execution. The issue is triggered when a malicious file is processed by the library.
Impact
Exploitation of this vulnerability causes a heap-based buffer overflow, which can lead to arbitrary code execution.
Reproduction
The vulnerability can be reproduced by using a crafted Intan CLP file that exploits the buffer overflow condition during the parsing process. This can be done by loading the file with libbiosig, which will process it through the vulnerable 'sopen_intan_clp_read' function.
Remediation
Users are advised to update to the patched version of libbiosig, which is available on the official Biosig Project website.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.