SB2025082735 - Multiple vulnerabilities in The Biosig Project libbiosig
Published: August 27, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 24 secuirty vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2025-54462)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Nex parsing functionality. A remote attacker can use a specially crafted .nex file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Stack-based buffer overflow (CVE-ID: CVE-2025-54489)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the MFER parsing functionality when the Tag is 63. A remote unauthenticated attacker can use a specially crafted MFER file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Stack-based buffer overflow (CVE-ID: CVE-2025-54484)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the MFER parsing functionality when the Tag is 6. A remote unauthenticated attacker can use a specially crafted MFER file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Stack-based buffer overflow (CVE-ID: CVE-2025-54483)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the MFER parsing functionality when the Tag is 5. A remote unauthenticated attacker can use a specially crafted MFER file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Stack-based buffer overflow (CVE-ID: CVE-2025-54482)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the MFER parsing functionality when the Tag is 4. A remote unauthenticated attacker can use a specially crafted MFER file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Stack-based buffer overflow (CVE-ID: CVE-2025-54492)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the MFER parsing functionality when the Tag is 67. A remote unauthenticated attacker can use a specially crafted MFER file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) Stack-based buffer overflow (CVE-ID: CVE-2025-54487)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the MFER parsing functionality when the Tag is 12. A remote unauthenticated attacker can use a specially crafted MFER file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) Stack-based buffer overflow (CVE-ID: CVE-2025-54494)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the MFER parsing functionality when the Tag is 133. A remote unauthenticated attacker can use a specially crafted MFER file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) Stack-based buffer overflow (CVE-ID: CVE-2025-54493)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the MFER parsing functionality when the Tag is 131. A remote unauthenticated attacker can use a specially crafted MFER file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Stack-based buffer overflow (CVE-ID: CVE-2025-54480)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the MFER parsing functionality when the Tag is 0. A remote unauthenticated attacker can use a specially crafted MFER file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) Stack-based buffer overflow (CVE-ID: CVE-2025-54481)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the MFER parsing functionality when the Tag is 3. A remote unauthenticated attacker can use a specially crafted MFER file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
12) Stack-based buffer overflow (CVE-ID: CVE-2025-54485)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the MFER parsing functionality when the Tag is 8. A remote unauthenticated attacker can use a specially crafted MFER file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) Stack-based buffer overflow (CVE-ID: CVE-2025-54486)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the MFER parsing functionality when the Tag is 11. A remote unauthenticated attacker can use a specially crafted MFER file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
14) Stack-based buffer overflow (CVE-ID: CVE-2025-54491)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the MFER parsing functionality when the Tag is 65. A remote unauthenticated attacker can use a specially crafted MFER file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
15) Stack-based buffer overflow (CVE-ID: CVE-2025-54490)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the MFER parsing functionality when the Tag is 64. A remote unauthenticated attacker can use a specially crafted MFER file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
16) Stack-based buffer overflow (CVE-ID: CVE-2025-54488)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the MFER parsing functionality when the Tag is 13. A remote unauthenticated attacker can use a specially crafted MFER file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
17) Heap-based buffer overflow (CVE-ID: CVE-2025-48005)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the RHS2000 parsing functionality. A remote attacker can use a specially crafted RHS2000 file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
18) Integer overflow (CVE-ID: CVE-2025-52581)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the GDF parsing functionality. A remote attacker can use a specially crafted GDF file, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
19) Heap-based buffer overflow (CVE-ID: CVE-2025-53853)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the ISHNE parsing functionality. A remote attacker can use a specially crafted ISHNE ECG annotations file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
20) Out-of-bounds read (CVE-ID: CVE-2025-52461)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the Nex parsing functionality. A remote attacker can use a specially crafted .nex file, trigger an out-of-bounds read error and read contents of memory on the system, leading to denial of service (DoS) attack.
21) Heap-based buffer overflow (CVE-ID: CVE-2025-53557)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the MFER parsing functionality. A remote attacker can use a specially crafted MFER file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
22) Heap-based buffer overflow (CVE-ID: CVE-2025-53511)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the MFER parsing functionality. A remote attacker can use a specially crafted MFER file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
23) Stack-based buffer overflow (CVE-ID: CVE-2025-46411)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the MFER parsing functionality. A remote unauthenticated attacker can use a specially crafted MFER file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
24) Integer overflow (CVE-ID: CVE-2025-53518)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the ABF parsing functionality. A remote attacker can use a specially crafted ABF file, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.
References
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2239
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2234
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2240
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2233
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2232
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2238
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2235
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2237
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2236
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2231