PT-2025-34644 · Libbiosig+1 · Libbiosig+1
Mark Bereza
·
Published
2025-01-01
·
Updated
2025-08-25
·
CVE-2025-54490
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
libbiosig versions 3.9.0 and Master Branch (35a819fa)
Description:
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. The vulnerability manifests on line 9090 of biosig.c when the Tag is 64, due to an overflow in the
tmp buffer. The overflow can occur when len is greater than 256.Recommendations:
libbiosig version 3.9.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
libbiosig Master Branch (35a819fa): At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Libbiosig