A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
The vulnerability (CWE-415) consists of double-freeing the same memory area during processing of the ASCII header in BrainVision format. The attacker delivers a malicious .vhdr file to the victim, whose opening by an application using libbiosig triggers a memory management error. Improper heap operations resulting from double-free can be exploited to take control of the program's execution flow and execute arbitrary code.
An attacker can gain full arbitrary code execution (RCE) in the context of the process handling the file, which may lead to violations of system confidentiality, integrity, and availability.
Patches available from the vendor should be applied in accordance with the references. It is recommended to monitor updates of the Biosig project and update the libbiosig package in the Fedora distribution in accordance with the announcement published on the package-announce mailing list. Avoid opening .vhdr files from untrusted sources.
The Biosig Project libbiosig 2.5.0 and Master branch (commit ab0ee111); Fedora (packages containing vulnerable libbiosig version)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFedora Project Fedora
OSFedoraproject40Libbiosig Project Libbiosig
APPLibbiosig Project2.5.0
Related vulnerabilities
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit
Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML
Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)
Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox
Integer overflow w Skia w Google Chrome — sandbox escape