[Debian-med-packaging] Bug#1122863: biosig: CVE-2025-66047 CVE-2025-66045 CVE-2025-66044 CVE-2025-66048 CVE-2025-66043 CVE-2025-66046

Salvatore Bonaccorso carnil at debian.org
Sat Dec 13 13:47:44 GMT 2025


Source: biosig
Version: 3.9.0-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>

Hi,

The following vulnerabilities were published for biosig.

Filing this as RC level as it should be fixed for forky.

CVE-2025-66047[0]:
| Several stack-based buffer overflow vulnerabilities exist in the
| MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A
| specially crafted MFER file can lead to arbitrary code execution. An
| attacker can provide a malicious file to trigger these
| vulnerabilities. When Tag is 131


CVE-2025-66045[1]:
| Several stack-based buffer overflow vulnerabilities exist in the
| MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A
| specially crafted MFER file can lead to arbitrary code execution. An
| attacker can provide a malicious file to trigger these
| vulnerabilities. When Tag is 65


CVE-2025-66044[2]:
| Several stack-based buffer overflow vulnerabilities exist in the
| MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A
| specially crafted MFER file can lead to arbitrary code execution. An
| attacker can provide a malicious file to trigger these
| vulnerabilities. When Tag is 64


CVE-2025-66048[3]:
| Several stack-based buffer overflow vulnerabilities exist in the
| MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A
| specially crafted MFER file can lead to arbitrary code execution. An
| attacker can provide a malicious file to trigger these
| vulnerabilities. When Tag is 133


CVE-2025-66043[4]:
| Several stack-based buffer overflow vulnerabilities exist in the
| MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A
| specially crafted MFER file can lead to arbitrary code execution. An
| attacker can provide a malicious file to trigger these
| vulnerabilities. When Tag is 3


CVE-2025-66046[5]:
| Several stack-based buffer overflow vulnerabilities exist in the
| MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A
| specially crafted MFER file can lead to arbitrary code execution. An
| attacker can provide a malicious file to trigger these
| vulnerabilities. When Tag is 67


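The six records above all describe the same defect class: a tag's declared length is copied into a fixed-size stack buffer without being checked against that buffer's capacity. As an added illustration (not libbiosig's code, and not the fix that upstream shipped), the reader below rejects any record whose length exceeds the destination buffer before copying. It assumes a simplified TLV framing of one tag byte and one length byte; real MFER also has long-form lengths, which this sketch does not handle. MFER_TAG_CAP and the function names are hypothetical; the tag numbers in the sample stream are the ones named in the CVE text.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MFER_TAG_CAP 64   /* hypothetical capacity of the on-stack value buffer */

enum { MFER_ERR_TRUNC = -1, MFER_ERR_TOO_LONG = -2 };

/* Read one record (tag, length, value) at offset `off` into `val`, which
 * holds at most `cap` bytes. Returns bytes consumed (> 0) or a negative
 * error. A declared length larger than `cap` is rejected outright rather
 * than truncated, so memcpy can never write past the caller's buffer. */
static int mfer_read_record(const uint8_t *buf, size_t len, size_t off,
                            uint8_t *tag_out, uint8_t *val, size_t cap,
                            size_t *val_len)
{
    if (off + 2 > len) return MFER_ERR_TRUNC;      /* need tag + length bytes */
    size_t n = buf[off + 1];
    if (n > cap) return MFER_ERR_TOO_LONG;         /* the check that was missing */
    if (off + 2 + n > len) return MFER_ERR_TRUNC;  /* value runs past end of input */
    memcpy(val, buf + off + 2, n);
    *tag_out = buf[off];
    *val_len = n;
    return (int)(2 + n);
}

/* Walk a whole buffer of records; stop at the first malformed one.
 * Returns the number of records accepted, or the negative error code. */
int mfer_count_records(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int count = 0;
    while (off < len) {
        uint8_t tag, val[MFER_TAG_CAP];
        size_t n;
        int r = mfer_read_record(buf, len, off, &tag, val, sizeof val, &n);
        if (r < 0) return r;
        off += (size_t)r;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample: tags 3, 64 and 131 with sane lengths, then a
     * tag 131 record claiming 200 bytes, far beyond MFER_TAG_CAP. */
    static const uint8_t stream[] = {3, 2, 0xAA, 0xBB, 64, 1, 0x01,
                                     131, 3, 1, 2, 3, 131, 200, 0, 0};
    printf("result: %d\n", mfer_count_records(stream, sizeof stream));
    return 0;
}
```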
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-66047
    https://www.cve.org/CVERecord?id=CVE-2025-66047
[1] https://security-tracker.debian.org/tracker/CVE-2025-66045
    https://www.cve.org/CVERecord?id=CVE-2025-66045
[2] https://security-tracker.debian.org/tracker/CVE-2025-66044
    https://www.cve.org/CVERecord?id=CVE-2025-66044
[3] https://security-tracker.debian.org/tracker/CVE-2025-66048
    https://www.cve.org/CVERecord?id=CVE-2025-66048
[4] https://security-tracker.debian.org/tracker/CVE-2025-66043
    https://www.cve.org/CVERecord?id=CVE-2025-66043
[5] https://security-tracker.debian.org/tracker/CVE-2025-66046
    https://www.cve.org/CVERecord?id=CVE-2025-66046
[6] https://sourceforge.net/p/biosig/mailman/message/59271419/
[7] https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
