A critical heap-based buffer overflow in The Biosig Project libbiosig allows unauthenticated attackers to achieve arbitrary code execution by tricking a user into opening a malicious Intan CLP file.

This is a heap-based buffer overflow vulnerability located within the Intan CLP parsing functionality. An unauthenticated attacker can trigger this flaw by providing a specially crafted malicious file, leading to memory corruption and potential code execution.

A successful exploit of this vulnerability could lead to a complete compromise of the system running the affected software. Given the CVSS score of 9.8, the risk is categorized as Critical, as it allows for remote code execution without requiring user credentials. This could result in unauthorized data access, system instability, or the installation of persistent malware.

Immediate Action: Update libbiosig to the latest version available from the official repository or apply the security patches provided by The Biosig Project.

Proactive Monitoring: Implement file integrity monitoring and review system logs for unusual crashes or unauthorized memory access patterns when processing Intan CLP files.

Compensating Controls: Restrict the ingestion of untrusted Intan CLP files and utilize sandboxing environments for file parsing to isolate potential exploitation attempts.

Public Exploit Available: No

This vulnerability represents a significant risk to the integrity of systems utilizing libbiosig for medical or signal data processing. We strongly recommend that administrators apply the latest updates immediately to mitigate the risk of arbitrary code execution.