CVE-2025-54487
BaseFortify
Publication date: 2025-08-25
Last updated on: 2025-11-03
Assigner: Talos
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libbiosig_project | libbiosig | to 3.9.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow in the MFER parsing functionality of The Biosig Project libbiosig version 3.9.0 and its master branch. It occurs when processing a specially crafted MFER file with a Tag value of 12. If the length value (len) is greater than 130 or smaller than 2, it causes a buffer overflow due to improper handling of the length parameter, including an integer underflow when computing len-2. This can allow an attacker to execute arbitrary code by providing a malicious MFER file.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to execute arbitrary code on the affected system without any privileges or user interaction, potentially leading to full system compromise. Because it is a stack-based buffer overflow, it can be exploited remotely by supplying a malicious MFER file, resulting in high impact on confidentiality, integrity, and availability of the system.