Mark Bereza

**Name of the Vulnerable Software and Affected Versions** libbiosig versions 3.9.2 and Master Branch (db9a9a63) **Description** A heap-based buffer overflow exists in the Nicolet WFT parsing functionality of libbiosig. A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this issue. **Recommendations** libbiosig version 3.9.2: Avoid processing untrusted or malicious .wft files. libbiosig Master Branch (db9a9a63): Avoid processing untrusted or malicious .wft files.

**Name of the Vulnerable Software and Affected Versions** The Biosig Project libbiosig versions 3.9.2 and Master Branch (5462afb0) **Description** An out-of-bounds read issue exists in the ABF parsing functionality. A specially crafted .abf file can trigger an information leak. An attacker can provide a malicious file to exploit this issue. **Recommendations** Update to a newer version of The Biosig Project libbiosig that addresses this issue.

**Name of the Vulnerable Software and Affected Versions** libbiosig versions 3.9.2 and Master Branch (db9a9a63) **Description** A heap-based buffer overflow exists in the Intan CLP parsing functionality. A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this issue. **Recommendations** libbiosig version 3.9.2: Avoid processing untrusted or malicious Intan CLP files. libbiosig Master Branch (db9a9a63): Avoid processing untrusted or malicious Intan CLP files.

**Name of the Vulnerable Software and Affected Versions** The Biosig Project libbiosig version 3.9.1 **Description** Several stack-based buffer overflow issues are present in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these issues when the Tag is 64. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Biosig Project libbiosig version 3.9.1 **Description** Several stack-based buffer overflow issues are present in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these issues when the Tag is 65. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Biosig Project libbiosig version 3.9.1 **Description** Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities, particularly when the Tag is 67. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libbiosig version 3.9.1 **Description** The software contains stack-based buffer overflow issues in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. An attacker can trigger these issues by providing a malicious file, specifically when the Tag is 131. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Biosig Project libbiosig version 3.9.1 **Description** Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities when the Tag is 133. **Recommendations** Versions prior to 3.9.1 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Biosig Project libbiosig version 3.9.1 **Description** Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities when the Tag is 3. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 and Master Branch (35a819fa) Description: A heap-based buffer overflow exists in the Nex parsing functionality. A specially crafted .nex file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this issue. Recommendations: Update to a newer version of libbiosig that addresses this issue.

Name of the Vulnerable Software and Affected Versions: libbiosig version 3.9.0 libbiosig Master Branch (35a819fa) Description: A stack-based buffer overflow exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The issue manifests on line 8719 of `biosig.c` when the `tag` is 0. Recommendations: Update to a newer version of libbiosig that addresses this issue. As a temporary workaround, avoid processing untrusted or malicious MFER files.

Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 libbiosig Master Branch (35a819fa) Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability manifests on line 8744 of `biosig.c` when the `tag` is 3. The overflowed buffer is `v` [1], which is 17 bytes large, and smaller values of `len` can trigger the overflow. Recommendations: libbiosig version 3.9.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. libbiosig Master Branch (35a819fa): At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 through Master Branch (35a819fa) Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability manifests on line 8751 of `biosig.c` when the `tag` is 4. Recommendations: Update to a newer version of libbiosig that addresses this issue. As a temporary workaround, avoid processing untrusted MFER files.

Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 and Master Branch (35a819fa) Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability manifests on line 8759 of `biosig.c` when the `tag` is 5. Recommendations: libbiosig version 3.9.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. libbiosig Master Branch (35a819fa): At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 and Master Branch (35a819fa) Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability manifests on line 8779 of `biosig.c` when the `tag` is 6. Recommendations: libbiosig version 3.9.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. libbiosig Master Branch (35a819fa): At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 through Master Branch (35a819fa) Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability manifests on line 8824 of `biosig.c` when the `tag` is 11. Recommendations: libbiosig versions prior to 3.9.0 should be used. As a temporary workaround, avoid processing untrusted or malicious MFER files.

**Name of the Vulnerable Software and Affected Versions:** libbiosig versions 3.9.0 and Master Branch (35a819fa) **Description:** A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability manifests on line 8842 of `biosig.c` when the Tag is 12. A value of `len` greater than 130 or smaller than 2 can trigger a buffer overflow due to an integer underflow when computing `len-2`. **Recommendations:** libbiosig version 3.9.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. libbiosig Master Branch (35a819fa): At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 and Master Branch (35a819fa) Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability manifests on line 8850 of `biosig.c` when the `tag` is 13. Recommendations: libbiosig version 3.9.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. libbiosig Master Branch (35a819fa): At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** libbiosig versions 3.9.0 and Master Branch (35a819fa) **Description:** A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability occurs when processing the Tag 63 in `biosig.c` on line 8970, where the number of bytes read is determined by `len2`, which can be as large as 255, while the destination buffer `buf` has a size of only 128 bytes. **Recommendations:** libbiosig version 3.9.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. libbiosig Master Branch (35a819fa): At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 and Master Branch (35a819fa) Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability manifests on line 9090 of biosig.c when the Tag is 64, due to an overflow in the `tmp` buffer. The overflow can occur when `len` is greater than 256. Recommendations: libbiosig version 3.9.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. libbiosig Master Branch (35a819fa): At the moment, there is no information about a newer version that contains a fix for this vulnerability.