CVE-2024-21795

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions The Biosig Project libbiosig versions 2.5.0 through Master Branch (ab0ee111)

Description A heap-based buffer overflow vulnerability exists in the .egi parsing functionality. A specially crafted .egi file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Recommendations For versions 2.5.0 through Master Branch (ab0ee111), consider disabling the .egi parsing functionality until a patch is available. Restrict access to the .egi file parsing module to minimize the risk of exploitation. Avoid using specially crafted .egi files in the affected functionality until the issue is resolved.

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

CVE-2024-21795

Affected Products

Debian

Libbiosig

CVE-2024-21795

Weakness Enumeration

Related Identifiers

Affected Products

References · 14