cve/2025/CVE-2025-54482.md

### [CVE-2025-54482](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54482)
![](https://img.shields.io/static/v1?label=Product&message=libbiosig&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=3.9.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=Master%20Branch%20(35a819fa)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brightgreen)

### Description

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8751 of biosig.c on the current master branch (35a819fa), when the Tag is 4:

				else if (tag==4) {
					// SPR
					if (len>4) fprintf(stderr,"Warning MFER tag4 incorrect length %i>4\n",len);
					curPos += ifread(buf,1,len,hdr);

### POC

#### Reference
- https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234

#### Github
- https://github.com/ARPSyndicate/cve-scores
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`### [CVE-2025-54482](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54482)`
			`![](https://img.shields.io/static/v1?label=Product&message=libbiosig&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=3.9.0%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=Master%20Branch%20(35a819fa)%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brightgreen)`

			`### Description`

			A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8751 of biosig.c on the current master branch (35a819fa), when the Tag is 4: else if (tag==4) { // SPR if (len>4) fprintf(stderr,"Warning MFER tag4 incorrect length %i>4\n",len); curPos += ifread(buf,1,len,hdr);

			`### POC`

			`#### Reference`
			`- https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234`

			`#### Github`
			`- https://github.com/ARPSyndicate/cve-scores`