An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
The vulnerability results from improper buffer size calculation (CWE-131) during FAMOS format file processing in the sopen_FAMOS_read function. This results in writing data outside the allocated buffer boundaries (CWE-787 — out-of-bounds write). An attacker can provide a malicious .famos file, whose processing by the library leads to memory corruption and consequently to arbitrary code execution.
Successful exploitation of the vulnerability allows an attacker to execute arbitrary code (RCE) in the context of an application using the libbiosig library, which may lead to complete system compromise.
Security patches available from the vendor should be applied according to the references. It is recommended to update the libbiosig package to a vulnerability-free version according to Fedora communications (package-announce mailing list) and the TALOS-2024-1925 report. It is also advisable to avoid processing .famos files from untrusted sources.
The Biosig Project libbiosig version 2.5.0 and Master branch (commit ab0ee111), as well as related packages in Fedora Project Fedora.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFedora Project Fedora
OSFedoraproject40Libbiosig Project Libbiosig
APPLibbiosig Project2.5.0
Related vulnerabilities
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit
Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML
Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)
Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox
Integer overflow w Skia w Google Chrome — sandbox escape