### [CVE-2025-54494](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54494)
![](https://img.shields.io/static/v1?label=Product&message=libbiosig&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=3.9.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=Master%20Branch%20(35a819fa)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brightgreen)

### Description

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 9205 of biosig.c on the current master branch (35a819fa), when the Tag is 133:

                else if (tag==133)    //0x85
                {
                    curPos += ifread(buf,1,len,hdr);

### POC

#### Reference
- https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234

#### Github
No PoCs found on GitHub currently.