CVE-2025-54489: 
Linux Debian vulnerability analysis and mitigation

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. The vulnerability was discovered and disclosed on August 25, 2025 (Talos, NVD).

The vulnerability manifests on line 8970 of biosig.c on the current master branch (35a819fa), when the Tag is 63. The issue occurs in the MFER parsing functionality where a stack-based buffer overflow can be triggered through a specially crafted input file. The vulnerability has been assigned a CVSSv3 score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity. The vulnerability is classified as CWE-121 (Stack-based Buffer Overflow) (Talos).

The vulnerability allows an attacker to write arbitrary data past the end of a stack-allocated buffer, potentially resulting in arbitrary code execution. Since the overflowed data is controlled by the attacker through the input file, this creates a significant security risk that could lead to complete system compromise (Talos).

The vulnerability affects The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). Users should update to a patched version when available or implement input validation controls to prevent processing of maliciously crafted MFER files (Talos).