CVE-2024-23606: 
Linux Debian vulnerability analysis and mitigation

An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. The vulnerability was discovered by Lilith >_> of Cisco Talos and assigned CVE-2024-23606 with a CVSS score of 9.8 (Talos Report).

The vulnerability occurs in the sopen_FAMOS_read function where the hdr->CHANNEL buffer can be allocated with calloc(0x0,sizeof(CHANNEL_TYPE)). When processing certain FAMOS file opcodes like 'Cb,1' and 'CR,1', which have no state machine requirements, writes to hdr->CHANNEL[CHAN].bi can occur before the buffer is properly sized, leading to out-of-bounds writes. This happens because these opcodes can be processed before the hdr->CHANNEL buffer is reallocated to an appropriate size (Talos Report).

The vulnerability allows attackers to potentially execute arbitrary code on the targeted system by providing a specially crafted FAMOS file. Given the library's use in processing medical signal data (EKG, EEG, etc.) and its integration with various scientific software, successful exploitation could compromise sensitive medical data processing systems (Talos Report).

The vulnerability has been patched in version 2.6.0 of the software. In this version, FAMOS support is disabled by default and can only be enabled by setting BIOSIG_FAMOS_TRUST_INPUT=1 to mitigate the vulnerability (Fedora Update).