An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
The vulnerability (CWE-191) consists of integer underflow during .famos format file processing by the sopen_FAMOS_read function. Incorrect integer value calculation leads to out-of-bounds write beyond the allocated buffer boundaries. An attacker can provide a specially crafted .famos file which, when processed by the library, triggers this error and enables arbitrary code execution.
Successful exploitation of the vulnerability allows an attacker to execute arbitrary code (RCE) in the context of the process handling the file, which may lead to complete system takeover, violation of data confidentiality and integrity, and loss of service availability.
Apply patches available from the vendor according to references (Talos Intelligence report TALOS-2024-1922 and Fedora announcement). It is recommended to update the libbiosig package to a version containing the fix and to avoid processing .famos files from untrusted sources until the patch is deployed.
The Biosig Project libbiosig 2.5.0 and main branch (commit ab0ee111); libbiosig packages in Fedora distribution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFedora Project Fedora
OSFedoraproject40Libbiosig Project Libbiosig
APPLibbiosig Project2.5.0
Related vulnerabilities
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit
Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML
Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)
Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox
Integer overflow w Skia w Google Chrome — sandbox escape