### [CVE-2025-54482](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54482)
![](https://img.shields.io/static/v1?label=Product&message=libbiosig&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=3.9.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=Master%20Branch%20(35a819fa)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brightgreen)

### Description

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8751 of biosig.c on the current master branch (35a819fa), when the Tag is 4:

				else if (tag==4) {
					// SPR
					if (len>4) fprintf(stderr,"Warning MFER tag4 incorrect length %i>4\n",len);
					curPos += ifread(buf,1,len,hdr);

### POC

#### Reference
- https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234

#### Github
- https://github.com/ARPSyndicate/cve-scores