CVE-2024-23310: 
Linux Debian vulnerability analysis and mitigation

A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). The vulnerability was discovered by Lilith of Cisco Talos and was disclosed on February 20, 2024. The vulnerability affects the libbiosig library, which is designed to process various types of medical signal data (EKG, EEG, etc.) within different file formats (Talos).

The vulnerability exists in the sopen_FAMOS_read function where a realloc operation can change the underlying address of the memory buffer. While the hdr->AS.Header is reassigned after realloc, the t and t2 variables are not updated, leaving them dangling on freed memory if the buffer shifts. This results in multiple use-after-free read and write situations when these variables are subsequently used. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (Talos).

The vulnerability can lead to arbitrary code execution when a specially crafted .famos file is processed. An attacker can trigger this vulnerability by providing a malicious file, potentially resulting in complete system compromise due to the critical severity rating and high impact on confidentiality, integrity, and availability (Talos).

The vulnerability has been addressed in biosig4c++ version 2.6.0, where FAMOS support is disabled by default and can only be enabled by setting BIOSIG_FAMOS_TRUST_INPUT=1. Users are advised to upgrade to this version to mitigate the vulnerability (Fedora Update).