← Volver a CVEs
CVE-2025-54480
CRITICAL9.8
Descripcion
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8719 of biosig.c on the current master branch (35a819fa), when the Tag is 0: if (tag==0) { if (len!=1) fprintf(stderr,"Warning MFER tag0 incorrect length %i!=1\n",len); curPos += ifread(buf,1,len,hdr); }
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado8/25/2025
Ultima modificacion11/3/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
libbiosig_project:libbiosig
Debilidades (CWE)
CWE-121
Referencias
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234(talos-cna@cisco.com)
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2234(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.