CVE-2025-54490
BaseFortify
Publication date: 2025-08-25
Last updated on: 2025-11-03
Assigner: Talos
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libbiosig_project | libbiosig | to 3.9.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow in the MFER parsing functionality of The Biosig Project libbiosig version 3.9.0 and its master branch. It occurs when processing a specially crafted MFER file with a tag value of 64. The code allocates a temporary buffer of 256 bytes, but if the length of the data to read exceeds 256 bytes due to multi-octet encoding, it causes a stack overflow. This overflow can allow an attacker to execute arbitrary code by providing a malicious MFER file.
How can this vulnerability impact me? :
This vulnerability can lead to arbitrary code execution on the affected system without requiring any privileges or user interaction. An attacker can exploit it remotely by supplying a malicious MFER file, potentially compromising the confidentiality, integrity, and availability of the system.