CVE-2025-52581: 
Linux Debian vulnerability analysis and mitigation

An integer overflow vulnerability exists in the GDF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted GDF file can lead to arbitrary code execution. The vulnerability was discovered by Mark Bereza and Lilith of Cisco Talos and was disclosed on August 6, 2025, with a patch released on August 24, 2025 (Talos Report).

The vulnerability is an integer overflow condition that occurs in the read_header function when computing the expression 8+hdr->EVENT.N*sze for allocating memory via realloc. Both hdr->EVENT.N (number of events) and sze (size of each event) are computed from the file's contents, making them attacker-controlled. When sufficiently large values are used, the integer overflow results in a smaller allocation than intended, leading to a heap-based buffer overflow during subsequent data writing operations. The vulnerability has been assigned a CVSS v3.1 Base Score of 9.8 CRITICAL with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (Talos Report, NVD).

The vulnerability allows an attacker to write arbitrary data past the end of a heap-allocated buffer by supplying a specially-crafted malicious GDF file as input to libbiosig. Depending on the heap layout, this buffer overflow condition can potentially lead to arbitrary code execution (Talos Report).

The vulnerability has been patched in versions released after August 24, 2025. Users should upgrade to the latest version of libbiosig that contains the fix. No specific workarounds have been provided for users who cannot immediately upgrade (Talos Report).