Source: biosig
Version: 3.9.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for biosig.

CVE-2026-22891[0]:
| A heap-based buffer overflow vulnerability exists in the Intan CLP
| parsing functionality of The Biosig Project libbiosig 3.9.2 and
| Master Branch (db9a9a63). A specially crafted Intan CLP file can
| lead to arbitrary code execution. An attacker can provide a
| malicious file to trigger this vulnerability.

CVE-2026-20777[1]:
| A heap-based buffer overflow vulnerability exists in the Nicolet WFT
| parsing functionality of The Biosig Project libbiosig 3.9.2 and
| Master Branch (db9a9a63). A specially crafted .wft file can lead to
| arbitrary code execution. An attacker can provide a malicious file
| to trigger this vulnerability.

CVE-2025-64736[2]:
| An out-of-bounds read vulnerability exists in the ABF parsing
| functionality of The Biosig Project libbiosig 3.9.2 and Master
| Branch (5462afb0). A specially crafted .abf file can lead to an
| information leak. An attacker can provide a malicious file to
| trigger this vulnerability.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-22891
    https://www.cve.org/CVERecord?id=CVE-2026-22891
[1] https://security-tracker.debian.org/tracker/CVE-2026-20777
    https://www.cve.org/CVERecord?id=CVE-2026-20777
[2] https://security-tracker.debian.org/tracker/CVE-2025-64736
    https://www.cve.org/CVERecord?id=CVE-2025-64736

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

