CVE-2025-54483: 
Linux Debian vulnerability analysis and mitigation

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability (NVD, Talos).

The vulnerability manifests on line 8759 of biosig.c on the current master branch (35a819fa), when the Tag is 5. The issue occurs in the MFER parsing functionality where improper validation of length parameters can lead to a buffer overflow condition. The vulnerability has received a CVSS v3.1 Base Score of 9.8 CRITICAL with vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-121: Stack-based Buffer Overflow (Talos).

The vulnerability allows an attacker to execute arbitrary code through a specially crafted MFER file. Due to the critical CVSS score of 9.8, this vulnerability represents a severe security risk with potential for complete system compromise, including high impacts on confidentiality, integrity, and availability (Talos).

The vulnerability affects libbiosig versions up to (excluding) 3.9.1. Users should upgrade to version 3.9.1 or later when available (NVD).