CVE-2025-66047
BaseFortify
Publication date: 2025-12-11
Last updated on: 2025-12-17
Assigner: Talos
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libbiosig_project | libbiosig | up to 3.9.2 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves identifying the presence of malicious MFER files with malformed Tag 3 TLV frames that exceed the expected length. Since the vulnerability is triggered by processing MFER files with a length field greater than 17 bytes for Tag 3, you can scan for such files. For example, you can use file inspection tools or write scripts to parse MFER files and check the length field of Tag 3 TLV frames. Additionally, monitoring application logs for warnings related to length exceeding 16 bytes in libbiosig's MFER parser may help. Specific commands are not provided in the resources. [1]
Can you explain this vulnerability to me?
This vulnerability involves several stack-based buffer overflow issues in the MFER parsing functionality of The Biosig Project libbiosig version 3.9.1. When processing a specially crafted MFER file with Tag 131, these vulnerabilities can be triggered, potentially allowing an attacker to execute arbitrary code by providing a malicious file.
How can this vulnerability impact me?
The vulnerability can lead to arbitrary code execution on the affected system without any user interaction or privileges required. This means an attacker could take full control of the system, potentially leading to data loss, system compromise, or further attacks.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding processing untrusted or suspicious MFER files, especially those that might contain malformed Tag 3 TLV frames with length fields exceeding 16 bytes. Applying patches or updates to libbiosig that fix the buffer overflow issue is recommended once available. If no patch is available, consider disabling or restricting the use of libbiosig's MFER parsing functionality in your environment to prevent exploitation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by analyzing MFER files processed by libbiosig 3.9.1 for malformed TLV frames, specifically those with Tag value 3 where the length field exceeds the expected buffer size (greater than 17 bytes). Detection involves inspecting MFER files for unusually large length fields in Tag 3 frames. Since the vulnerability is triggered by processing malicious MFER files, monitoring or scanning for such files or attempts to open them with libbiosig 3.9.1 can help detect exploitation attempts. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of libbiosig version 3.9.1 for processing MFER files until a patched version is available. Do not open or process untrusted or suspicious MFER files, especially those with potentially malformed TLV frames. Implement input validation or filtering to block MFER files with Tag 3 length fields exceeding safe limits. Monitoring for suspicious activity related to MFER file processing is also recommended. [1]