Stack-Based Buffer Overflow in Biosig Project's Libbiosig Affects Multiple Versions
CVE-2025-54484

9.8CRITICAL

Key Information:

Vendor: The BiOSig Project
Status: LibbiOSig
Vendor: CVE Published:; 25 August 2025

🔔 Create The BiOSig Project Vulnerability Alert

What is CVE-2025-54484?

A stack-based buffer overflow vulnerability appears in the MFER parsing functionality of the Biosig Project's libbiosig version 3.9.0 and the current master branch (35a819fa). An attacker may exploit this vulnerability by providing a specially crafted MFER file, leading to potential arbitrary code execution. The vulnerability is particularly evident in the code execution pathway at line 8779 of biosig.c when a specific tag (6) is processed, which fails to handle certain input lengths correctly. This oversight could allow an attacker to manipulate the application’s execution flow.

Affected Version(s)

libbiosig 3.9.0

libbiosig Master Branch (35a819fa)

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 25, 2025
Vulnerability Reserved
Jul 23, 2025

Credit

Discovered by Mark Bereza and Lilith >_> of Cisco Talos.