CVE-2025-54481
BaseFortify
Publication date: 2025-08-25
Last updated on: 2025-11-03
Assigner: Talos
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libbiosig_project | libbiosig | to 3.9.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and its master branch. It occurs when processing a specially crafted MFER file with a Tag value of 3. The code allocates a small buffer of 17 bytes but does not properly check the length of the input data, allowing an attacker to overflow this buffer by providing a length greater than 16. This overflow can lead to arbitrary code execution by an attacker who supplies a malicious MFER file.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to execute arbitrary code on the affected system by providing a malicious MFER file. This could lead to full compromise of the system, including unauthorized access, data theft, or disruption of service.