A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Weakness
The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libbiosig | Libbiosig_project | 2.5.0 (including) | 2.5.0 (including) |
| Biosig | Ubuntu | mantic | * |
| Biosig | Ubuntu | upstream | * |
Potential Mitigations
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/
- https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1923