Description

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8842 of biosig.c on the current master branch (35a819fa), when the Tag is 12: else if (tag==12) //0x0C { // sampling resolution if (len>6) fprintf(stderr,"Warning MFER tag12 incorrect length %i>6\n",len); val32 = 0; int8_t v8; curPos += ifread(&UnitCode,1,1,hdr); curPos += ifread(&v8,1,1,hdr); curPos += ifread(buf,1,len-2,hdr); In addition to values of `len` greater than 130 triggering a buffer overflow, a value of `len` smaller than 2 will also trigger a buffer overflow due to an integer underflow when computing `len-2` in this code path.

INFO

Published Date :

2025-08-25T13:53:46.068Z

Last Modified :

2025-08-25T19:05:00.587Z

Source :

talos
AFFECTED PRODUCTS

The following products are affected by CVE-2025-54487 vulnerability.

Vendors Products
Libbiosig Project
  • Libbiosig
The Biosig Project
  • Libbiosig
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-54487.

URL Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact