CVE-2024-23809: 
Linux Debian vulnerability analysis and mitigation

A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability (Talos Report).

The vulnerability occurs in the BrainVision ASCII Header Parsing functionality when processing .vhdr files. The issue arises from a double-free condition where a FILE object pointer is freed twice: once during initial file processing and again during ASCII flag handling. This vulnerability has been assigned a CVSSv3 score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is categorized as CWE-415 (Double Free) (Talos Report).

If successfully exploited, this vulnerability could lead to memory corruption and potentially arbitrary code execution on the targeted system. Given the critical CVSS score of 9.8, this vulnerability represents a severe security risk, particularly in medical environments where libbiosig is used for processing biomedical signal data (Talos Report).

The vendor has released version 2.6.0 which includes fixes for this vulnerability. Users are advised to upgrade to the latest version. The fix includes improvements to the BrainVision parser and additional sanity checks (Fedora Update).

The vulnerability was discovered by Lilith >_> of Cisco Talos and was publicly disclosed on February 20, 2024, following responsible disclosure procedures. The vendor responded promptly by releasing a patch on February 19, 2024 (Talos Report).