CVE-2025-54489

Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 and Master Branch (35a819fa)

Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability occurs when processing the Tag 63 in biosig.c on line 8970, where the number of bytes read is determined by len2, which can be as large as 255, while the destination buffer buf has a size of only 128 bytes.

Recommendations: libbiosig version 3.9.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. libbiosig Master Branch (35a819fa): At the moment, there is no information about a newer version that contains a fix for this vulnerability.