CVE-2025-54481 (GCVE-0-2025-54481)
Vulnerability from cvelistv5
Published
2025-08-25 13:53
Modified
2025-08-25 19:10
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-121 - Stack-based Buffer Overflow
Summary
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8744 of biosig.c on the current master branch (35a819fa), when the Tag is 3: else if (tag==3) { // character code char v[17]; // [1] if (len>16) fprintf(stderr,"Warning MFER tag2 incorrect length %i>16\n",len); curPos += ifread(&v,1,len,hdr); v[len] = 0; In this case, the overflowed buffer is the newly-declared `v` \[1\] instead of `buf`. Since `v` is only 17 bytes large, much smaller values of `len` (even those encoded using a single octet) can trigger an overflow in this code path.
References
talos-cna@cisco.comhttps://talosintelligence.com/vulnerability_reports/TALOS-2025-2234Exploit, Third Party Advisory
Impacted products
Vendor Product Version
The Biosig Project libbiosig Version: 3.9.0
Version: Master Branch (35a819fa)
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54481",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-25T19:10:05.248134Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-25T19:10:14.694Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libbiosig",
          "vendor": "The Biosig Project",
          "versions": [
            {
              "status": "affected",
              "version": "3.9.0"
            },
            {
              "status": "affected",
              "version": "Master Branch (35a819fa)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Discovered by Mark Bereza and Lilith \u0026gt;_\u0026gt; of Cisco Talos."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8744 of biosig.c on the current master branch (35a819fa), when the Tag is 3:\r\n\r\n\t\t\t\telse if (tag==3) {\r\n\t\t\t\t\t// character code\r\n\t\t\t\t\tchar v[17];\t\t// [1]\r\n\t\t\t\t\tif (len\u003e16) fprintf(stderr,\"Warning MFER tag2 incorrect length %i\u003e16\\n\",len);\r\n\t\t\t\t\tcurPos += ifread(\u0026v,1,len,hdr);\r\n\t\t\t\t\tv[len]  = 0;\r\n\r\nIn this case, the overflowed buffer is the newly-declared `v` \\[1\\] instead of `buf`. Since `v` is only 17 bytes large, much smaller values of `len` (even those encoded using a single octet) can trigger an overflow in this code path."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-25T13:53:45.359Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234",
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2025-54481",
    "datePublished": "2025-08-25T13:53:45.359Z",
    "dateReserved": "2025-07-23T14:45:55.835Z",
    "dateUpdated": "2025-08-25T19:10:14.694Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-54481\",\"sourceIdentifier\":\"talos-cna@cisco.com\",\"published\":\"2025-08-25T14:15:33.700\",\"lastModified\":\"2025-09-02T16:32:54.493\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8744 of biosig.c on the current master branch (35a819fa), when the Tag is 3:\\r\\n\\r\\n\\t\\t\\t\\telse if (tag==3) {\\r\\n\\t\\t\\t\\t\\t// character code\\r\\n\\t\\t\\t\\t\\tchar v[17];\\t\\t// [1]\\r\\n\\t\\t\\t\\t\\tif (len\u003e16) fprintf(stderr,\\\"Warning MFER tag2 incorrect length %i\u003e16\\\\n\\\",len);\\r\\n\\t\\t\\t\\t\\tcurPos += ifread(\u0026v,1,len,hdr);\\r\\n\\t\\t\\t\\t\\tv[len]  = 0;\\r\\n\\r\\nIn this case, the overflowed buffer is the newly-declared `v` \\\\[1\\\\] instead of `buf`. Since `v` is only 17 bytes large, much smaller values of `len` (even those encoded using a single octet) can trigger an overflow in this code path.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de desbordamiento de b\u00fafer en la pila en la funcionalidad de an\u00e1lisis MFER de The Biosig Project libbiosig 3.9.0 y Master Branch (35a819fa). Un archivo MFER especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede proporcionar un archivo malicioso para activar esta vulnerabilidad. Esta vulnerabilidad se manifiesta en la l\u00ednea 8744 de biosig.c en la rama maestra actual (35a819fa), cuando la etiqueta es 3: else if (tag==3) { // character code char v[17]; // [1] if (len\u0026gt;16) fprintf(stderr,\\\"Warning MFER tag2 incorrect length %i\u0026gt;16\\\\n\\\",len); curPos += ifread(\u0026amp;v,1,len,hdr); v[len] = 0; En este caso, el b\u00fafer desbordado es el reci\u00e9n declarado `v` \\\\[1\\\\] en lugar de `buf`. Dado que `v` tiene solo 17 bytes, valores mucho m\u00e1s peque\u00f1os de `len` (incluso aquellos codificados utilizando un solo octeto) pueden provocar un desbordamiento en esta ruta de c\u00f3digo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libbiosig_project:libbiosig:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.9.1\",\"matchCriteriaId\":\"4893D615-FD95-4393-A5B0-E1BE19F180A6\"}]}]}],\"references\":[{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-54481\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-25T19:10:05.248134Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-25T19:10:10.355Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Discovered by Mark Bereza and Lilith \u0026gt;_\u0026gt; of Cisco Talos.\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"The Biosig Project\", \"product\": \"libbiosig\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.9.0\"}, {\"status\": \"affected\", \"version\": \"Master Branch (35a819fa)\"}]}], \"references\": [{\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234\", \"name\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8744 of biosig.c on the current master branch (35a819fa), when the Tag is 3:\\r\\n\\r\\n\\t\\t\\t\\telse if (tag==3) {\\r\\n\\t\\t\\t\\t\\t// character code\\r\\n\\t\\t\\t\\t\\tchar v[17];\\t\\t// [1]\\r\\n\\t\\t\\t\\t\\tif (len\u003e16) fprintf(stderr,\\\"Warning MFER tag2 incorrect length %i\u003e16\\\\n\\\",len);\\r\\n\\t\\t\\t\\t\\tcurPos += ifread(\u0026v,1,len,hdr);\\r\\n\\t\\t\\t\\t\\tv[len]  = 0;\\r\\n\\r\\nIn this case, the overflowed buffer is the newly-declared `v` \\\\[1\\\\] instead of `buf`. Since `v` is only 17 bytes large, much smaller values of `len` (even those encoded using a single octet) can trigger an overflow in this code path.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-121\", \"description\": \"CWE-121: Stack-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b\", \"shortName\": \"talos\", \"dateUpdated\": \"2025-08-25T13:53:45.359Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-54481\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-25T19:10:14.694Z\", \"dateReserved\": \"2025-07-23T14:45:55.835Z\", \"assignerOrgId\": \"b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b\", \"datePublished\": \"2025-08-25T13:53:45.359Z\", \"assignerShortName\": \"talos\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.