Source: biosig
Version: 3.9.0-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for biosig. Filing this at RC level as it should be fixed for forky.

CVE-2025-66047[0]:
| Several stack-based buffer overflow vulnerabilities exist in the
| MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A
| specially crafted MFER file can lead to arbitrary code execution. An
| attacker can provide a malicious file to trigger these
| vulnerabilities. When Tag is 131

CVE-2025-66045[1]:
| Several stack-based buffer overflow vulnerabilities exist in the
| MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A
| specially crafted MFER file can lead to arbitrary code execution. An
| attacker can provide a malicious file to trigger these
| vulnerabilities. When Tag is 65

CVE-2025-66044[2]:
| Several stack-based buffer overflow vulnerabilities exist in the
| MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A
| specially crafted MFER file can lead to arbitrary code execution. An
| attacker can provide a malicious file to trigger these
| vulnerabilities. When Tag is 64

CVE-2025-66048[3]:
| Several stack-based buffer overflow vulnerabilities exist in the
| MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A
| specially crafted MFER file can lead to arbitrary code execution. An
| attacker can provide a malicious file to trigger these
| vulnerabilities. When Tag is 133

CVE-2025-66043[4]:
| Several stack-based buffer overflow vulnerabilities exist in the
| MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A
| specially crafted MFER file can lead to arbitrary code execution. An
| attacker can provide a malicious file to trigger these
| vulnerabilities. When Tag is 3

CVE-2025-66046[5]:
| Several stack-based buffer overflow vulnerabilities exist in the
| MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A
| specially crafted MFER file can lead to arbitrary code execution. An
| attacker can provide a malicious file to trigger these
| vulnerabilities. When Tag is 67

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-66047
    https://www.cve.org/CVERecord?id=CVE-2025-66047
[1] https://security-tracker.debian.org/tracker/CVE-2025-66045
    https://www.cve.org/CVERecord?id=CVE-2025-66045
[2] https://security-tracker.debian.org/tracker/CVE-2025-66044
    https://www.cve.org/CVERecord?id=CVE-2025-66044
[3] https://security-tracker.debian.org/tracker/CVE-2025-66048
    https://www.cve.org/CVERecord?id=CVE-2025-66048
[4] https://security-tracker.debian.org/tracker/CVE-2025-66043
    https://www.cve.org/CVERecord?id=CVE-2025-66043
[5] https://security-tracker.debian.org/tracker/CVE-2025-66046
    https://www.cve.org/CVERecord?id=CVE-2025-66046
[6] https://sourceforge.net/p/biosig/mailman/message/59271419/
[7] https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
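Editor's note, added after the report and not part of Salvatore's message or of libbiosig: the six CVEs above all describe the same bug class, a stack-based buffer overflow where a length taken from a tag/length/value record in the file drives a copy into a fixed-size stack buffer. The C below illustrates that class generically. It is not libbiosig's code and does not reproduce the real MFER encoding; the one-byte tag, one-byte length, the 16-byte buffer and the sample byte strings are all constructed for the example. It shows the unchecked copy next to the version that validates the declared length against both the bytes remaining in the input and the destination size before copying, which is the check a fix for this class has to add.

```c
/* Added illustration of the bug class in the report above (CWE-121, stack-based
 * buffer overflow in a tag/length/value file parser). This is NOT libbiosig
 * code and does not reproduce MFER's real encoding: the one-byte tag and
 * one-byte length used here are a simplification for the example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VALUE_BUF 16          /* fixed-size buffer the parser copies values into */

enum { REC_OK = 0, REC_TRUNCATED = -1, REC_TOO_LONG = -2 };

struct record {
    uint8_t tag;
    size_t  len;
    uint8_t value[VALUE_BUF];
};

/* Vulnerable pattern (kept for contrast, never call it on untrusted data): the
 * length byte read from the file drives a memcpy into a fixed-size stack
 * buffer. A record whose length exceeds VALUE_BUF overwrites the stack frame. */
size_t handle_record_unchecked(const uint8_t *p, size_t remaining)
{
    uint8_t value[VALUE_BUF];
    if (remaining < 2)
        return 0;
    uint8_t len = p[1];
    memcpy(value, p + 2, len);       /* no check of len against VALUE_BUF or remaining */
    return 2u + len;                 /* bytes consumed: header plus value */
}

/* Hardened version: the declared length is checked against both the bytes
 * actually left in the input and the size of the destination buffer before
 * anything is copied. */
int read_record(const uint8_t *p, size_t remaining, struct record *out, size_t *consumed)
{
    if (remaining < 2)
        return REC_TRUNCATED;                 /* no room for tag + length */
    size_t len = p[1];
    if (len > remaining - 2)
        return REC_TRUNCATED;                 /* length claims more than the file holds */
    if (len > VALUE_BUF)
        return REC_TOO_LONG;                  /* would overflow the fixed buffer */
    out->tag = p[0];
    out->len = len;
    memcpy(out->value, p + 2, len);
    *consumed = 2 + len;
    return REC_OK;
}

/* Walk a whole byte string record by record. Returns the number of records
 * parsed, or the first negative error code; parsing stops at the first bad
 * record rather than trusting the rest of the file. */
int parse_stream(const uint8_t *buf, size_t n, struct record *recs, size_t max_recs)
{
    size_t off = 0;
    int count = 0;
    while (off < n && (size_t)count < max_recs) {
        size_t used = 0;
        int rc = read_record(buf + off, n - off, &recs[count], &used);
        if (rc != REC_OK)
            return rc;
        off += used;
        count++;
    }
    return count;
}

/* Constructed sample inputs (not real MFER files). Tag numbers 3, 64 and 65 are
 * tags named in the report; their meaning is irrelevant to the check. */
static const uint8_t good_file[] = { 0x03, 0x02, 0xAA, 0xBB,   /* tag 3, len 2 */
                                     0x40, 0x01, 0x01 };       /* tag 64, len 1 */
static const uint8_t short_file[] = { 0x41, 0x05, 0x01 };      /* tag 65 claims 5 bytes, has 1 */

int demo_good(void)
{
    struct record recs[4];
    return parse_stream(good_file, sizeof good_file, recs, 4);   /* 2 */
}

int demo_second_tag(void)
{
    struct record recs[4];
    if (parse_stream(good_file, sizeof good_file, recs, 4) != 2)
        return -1;
    return recs[1].tag;                                          /* 64 */
}

int demo_truncated(void)
{
    struct record recs[4];
    return parse_stream(short_file, sizeof short_file, recs, 4); /* REC_TRUNCATED */
}

/* Tag 131 with a declared length of 32: all 32 bytes are present in the input,
 * so only the destination-size check catches it. */
int demo_overlong(void)
{
    uint8_t file[2 + 32];
    file[0] = 0x83;
    file[1] = 32;
    memset(file + 2, 0x41, 32);
    struct record recs[4];
    return parse_stream(file, sizeof file, recs, 4);             /* REC_TOO_LONG */
}

int main(void)
{
    printf("good: %d records, second tag: %d, truncated: %d, overlong: %d\n",
           demo_good(), demo_second_tag(), demo_truncated(), demo_overlong());
    return 0;
}
```

The overlong case is the one that matters for the report: a file can be internally consistent (the length it declares is really present) and still overflow, so checking the length against the input size alone is not a fix; it has to be compared with the size of the buffer it is copied into.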

