CVE-2025-66048
BaseFortify
Publication date: 2025-12-11
Last updated on: 2025-12-17
Assigner: Talos
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libbiosig_project | libbiosig | up to 3.9.2 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be performed by monitoring for the presence of specially crafted MFER files with malformed TLV frames, particularly those with Tag value 3 and length fields exceeding 17 bytes. Since the vulnerability is triggered by processing such files, scanning for MFER files with suspicious length fields can help detect attempts to exploit this issue. Specific commands are not provided in the resources, but one could use file inspection tools or custom scripts to parse MFER files and check the length fields of Tag 3 TLV frames for values greater than 17 bytes. [1]
Can you explain this vulnerability to me?
This vulnerability involves several stack-based buffer overflow issues in the MFER parsing functionality of The Biosig Project libbiosig version 3.9.1. When processing a specially crafted MFER file, these vulnerabilities can be triggered, potentially allowing an attacker to execute arbitrary code by providing a malicious file.
How can this vulnerability impact me?
The vulnerability can lead to arbitrary code execution on the affected system without requiring any privileges or user interaction. This means an attacker could take full control of the system, potentially leading to data loss, system compromise, or further attacks.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the processing of untrusted or unauthenticated MFER files, especially those that could contain maliciously crafted TLV frames with Tag 3 length fields exceeding 17 bytes. Applying patches or updates to libbiosig once available is recommended. Until then, restricting or validating input files to ensure they conform to expected length constraints can reduce risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves identifying malicious MFER files with malformed Tag 3 TLV frames that have length fields exceeding the expected buffer size (greater than 17 bytes). Since the vulnerability is triggered by processing such files, scanning for MFER files with suspiciously large length fields in Tag 3 can help detect attempts to exploit this issue. Specific commands are not provided in the resources, but monitoring file inputs to libbiosig 3.9.1 or using AddressSanitizer during testing to detect buffer overflows when processing MFER files can be effective. [1]
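The check described in the two detection answers above, as an added example (not code from the advisory or from the libbiosig project): a Python scanner that walks the top-level frames of a file and reports Tag 3 frames declaring more than 17 bytes. The frame layout it assumes (one-byte tag, BER-style length, a channel number after tag 0x3F, 0x80 as end marker) and the sample bytes are assumptions made for illustration.

```python
import sys
from typing import Iterator, List, Tuple

TAG3, MAX_TAG3_LEN = 3, 17   # tag and limit named on this page
TAG_CHANNEL = 0x3F           # assumption: a channel number precedes this tag's length
TAG_END = 0x80               # assumption: end-of-contents marker

def read_length(data: bytes, pos: int) -> Tuple[int, int]:
    """Return (declared_length, next_pos). Assumption: BER-style length, where a
    set high bit means the low 7 bits count the big-endian length bytes."""
    if pos >= len(data):
        raise ValueError("truncated frame header")
    first, pos = data[pos], pos + 1
    if not first & 0x80:
        return first, pos
    n = first & 0x7F
    if n == 0 or n > 4 or pos + n > len(data):
        raise ValueError(f"unsupported length encoding at offset {pos - 1}")
    return int.from_bytes(data[pos:pos + n], "big"), pos + n

def walk_frames(data: bytes) -> Iterator[Tuple[int, int, int]]:
    """Yield (offset, tag, declared_length) for each top-level frame."""
    pos = 0
    while pos < len(data):
        start, tag, pos = pos, data[pos], pos + 1
        if tag == TAG_END:
            return
        if tag == TAG_CHANNEL:
            while pos < len(data) and data[pos] & 0x80:
                pos += 1          # continuation bytes of the channel number
            pos += 1              # final channel-number byte
        length, pos = read_length(data, pos)
        yield start, tag, length
        pos += length             # skip the value; nested frames are not descended

def oversized_tag3(data: bytes) -> List[Tuple[int, int]]:
    """Offsets and declared lengths of Tag 3 frames longer than 17 bytes."""
    return [(off, ln) for off, tag, ln in walk_frames(data)
            if tag == TAG3 and ln > MAX_TAG3_LEN]

# Constructed sample bytes (not from a real recording).
SAMPLE_OK = b"\x40\x04MFER" + b"\x03\x05ASCII" + b"\x80\x00"
SAMPLE_BAD = (b"\x40\x04MFER" + b"\x03\x20" + bytes(32) + b"\x3f\x01\x02\x00\x00"
              + b"\x03\x81\x40" + bytes(64) + b"\x80\x00")

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for off, ln in oversized_tag3(fh.read()):
                print(f"{path}: Tag 3 at offset {off} declares {ln} bytes")
```

A `ValueError` from the walker means the file does not follow the assumed framing and should be reviewed by hand rather than treated as clean.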
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding processing untrusted or specially crafted MFER files with libbiosig version 3.9.1, especially those containing Tag 3 TLV frames with length fields exceeding 17 bytes. Applying patches or updates from the libbiosig project that fix the buffer overflow issue is recommended once available. Additionally, using runtime protections such as AddressSanitizer during development or deployment can help detect exploitation attempts. [1]