{"url":"http://public2.vulnerablecode.io/api/packages/89218?format=json","purl":"pkg:deb/debian/biosig@2.1.2-4?distro=trixie","type":"deb","namespace":"debian","name":"biosig","version":"2.1.2-4","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.6.0-1","latest_non_vulnerable_version":"3.9.5-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61071?format=json","vulnerability_id":"VCID-14cy-t8he-rfam","summary":"Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 65","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66045","reference_id":"","reference_type":"","scores":[{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35799","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.3572","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35736","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35789","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35759","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66045"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66045","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66045"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863","reference_id":"1122863","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296","reference_id":"TALOS-2025-2296","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-11T19:20:26Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-66045"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-14cy-t8he-rfam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61067?format=json","vulnerability_id":"VCID-25ka-1vtj-akec","summary":"A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 9205 of biosig.c on the current master branch (35a819fa), when the Tag is 133:\r \r                 else if (tag==133)    //0x85\r                 {\r                     curPos += ifread(buf,1,len,hdr);","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54494","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65463","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6544","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6546","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65451","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54494"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234","reference_id":"TALOS-2025-2234","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T18:21:09Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-54494"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-25ka-1vtj-akec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60998?format=json","vulnerability_id":"VCID-2md4-431b-2fh4","summary":"A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .egi file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21795","reference_id":"","reference_type":"","scores":[{"value":"0.01273","scoring_system":"epss","scoring_elements":"0.79897","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01273","scoring_system":"epss","scoring_elements":"0.79902","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01273","scoring_system":"epss","scoring_elements":"0.79886","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01273","scoring_system":"epss","scoring_elements":"0.79905","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21795"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-1920","reference_id":"TALOS-2024-1920","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:31:36Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-1920"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89221?format=json","purl":"pkg:deb/debian/biosig@2.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@2.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89222?format=json","purl":"pkg:deb/debian/biosig@3.9.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14cy-t8he-rfam"},{"vulnerability":"VCID-25ka-1vtj-akec"},{"vulnerability":"VCID-4c21-bu1z-gfa3"},{"vulnerability":"VCID-5yws-vf2e-g7ea"},{"vulnerability":"VCID-77yh-sjcr-g7ew"},{"vulnerability":"VCID-7jgd-du4c-sbd9"},{"vulnerability":"VCID-9c5h-3zvz-8yaf"},{"vulnerability":"VCID-avy4-npdf-1fac"},{"vulnerability":"VCID-bz75-v3p7-zyfx"},{"vulnerability":"VCID-ccn2-ja4k-93da"},{"vulnerability":"VCID-ct4f-kxhg-6yaj"},{"vulnerability":"VCID-erf7-mvc1-3ud5"},{"vulnerability":"VCID-es1h-jc37-kfaj"},{"vulnerability":"VCID-f5kw-jf91-pfhv"},{"vulnerability":"VCID-h3m9-et77-63cr"},{"vulnerability":"VCID-kjq6-mknn-zkc8"},{"vulnerability":"VCID-n7qk-y7wk-2qay"},{"vulnerability":"VCID-n9t6-f7cp-4qea"},{"vulnerability":"VCID-nays-6gvv-vydf"},{"vulnerability":"VCID-pjxk-jkhf-3kht"},{"vulnerability":"VCID-pvjx-yb22-8bdj"},{"vulnerability":"VCID-q15c-qb7u-8kap"},{"vulnerability":"VCID-qkga-9ghw-myhb"},{"vulnerability":"VCID-rjn3-66t6-duga"},{"vulnerability":"VCID-s8ms-2ajs-9bdw"},{"vulnerability":"VCID-sewz-kc8g-hfc8"},{"vulnerability":"VCID-sjxx-rpbd-2ud4"},{"vulnerability":"VCID-spbn-21cs-y3g8"},{"vulnerability":"VCID-sw6e-8t33-n7f4"},{"vulnerability":"VCID-uh56-6uz5-jyg1"},{"vulnerability":"VCID-ws3r-dtag-2kcb"},{"vulnerability":"VCID-y7b7-5qph-w3hq"},{"vulnerability":"VCID-ysjd-drmj-2qe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2024-21795"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2md4-431b-2fh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61015?format=json","vulnerability_id":"VCID-3zrc-8yrv-b3fb","summary":"An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23313","reference_id":"","reference_type":"","scores":[{"value":"0.01617","scoring_system":"epss","scoring_elements":"0.82174","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01617","scoring_system":"epss","scoring_elements":"0.82169","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01617","scoring_system":"epss","scoring_elements":"0.82183","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01617","scoring_system":"epss","scoring_elements":"0.82172","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01617","scoring_system":"epss","scoring_elements":"0.82176","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23313"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23313","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23313"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-1922","reference_id":"TALOS-2024-1922","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-13T13:38:45Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-1922"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89221?format=json","purl":"pkg:deb/debian/biosig@2.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@2.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89222?format=json","purl":"pkg:deb/debian/biosig@3.9.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14cy-t8he-rfam"},{"vulnerability":"VCID-25ka-1vtj-akec"},{"vulnerability":"VCID-4c21-bu1z-gfa3"},{"vulnerability":"VCID-5yws-vf2e-g7ea"},{"vulnerability":"VCID-77yh-sjcr-g7ew"},{"vulnerability":"VCID-7jgd-du4c-sbd9"},{"vulnerability":"VCID-9c5h-3zvz-8yaf"},{"vulnerability":"VCID-avy4-npdf-1fac"},{"vulnerability":"VCID-bz75-v3p7-zyfx"},{"vulnerability":"VCID-ccn2-ja4k-93da"},{"vulnerability":"VCID-ct4f-kxhg-6yaj"},{"vulnerability":"VCID-erf7-mvc1-3ud5"},{"vulnerability":"VCID-es1h-jc37-kfaj"},{"vulnerability":"VCID-f5kw-jf91-pfhv"},{"vulnerability":"VCID-h3m9-et77-63cr"},{"vulnerability":"VCID-kjq6-mknn-zkc8"},{"vulnerability":"VCID-n7qk-y7wk-2qay"},{"vulnerability":"VCID-n9t6-f7cp-4qea"},{"vulnerability":"VCID-nays-6gvv-vydf"},{"vulnerability":"VCID-pjxk-jkhf-3kht"},{"vulnerability":"VCID-pvjx-yb22-8bdj"},{"vulnerability":"VCID-q15c-qb7u-8kap"},{"vulnerability":"VCID-qkga-9ghw-myhb"},{"vulnerability":"VCID-rjn3-66t6-duga"},{"vulnerability":"VCID-s8ms-2ajs-9bdw"},{"vulnerability":"VCID-sewz-kc8g-hfc8"},{"vulnerability":"VCID-sjxx-rpbd-2ud4"},{"vulnerability":"VCID-spbn-21cs-y3g8"},{"vulnerability":"VCID-sw6e-8t33-n7f4"},{"vulnerability":"VCID-uh56-6uz5-jyg1"},{"vulnerability":"VCID-ws3r-dtag-2kcb"},{"vulnerability":"VCID-y7b7-5qph-w3hq"},{"vulnerability":"VCID-ysjd-drmj-2qe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2024-23313"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3zrc-8yrv-b3fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61048?format=json","vulnerability_id":"VCID-4c21-bu1z-gfa3","summary":"A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8744 of biosig.c on the current master branch (35a819fa), when the Tag is 3:\r \r \t\t\t\telse if (tag==3) {\r \t\t\t\t\t// character code\r \t\t\t\t\tchar v[17];\t\t// [1]\r \t\t\t\t\tif (len>16) fprintf(stderr,\"Warning MFER tag2 incorrect length %i>16\\n\",len);\r \t\t\t\t\tcurPos += ifread(&v,1,len,hdr);\r \t\t\t\t\tv[len]  = 0;\r \r In this case, the overflowed buffer is the newly-declared `v` \\[1\\] instead of `buf`. Since `v` is only 17 bytes large, much smaller values of `len` (even those encoded using a single octet) can trigger an overflow in this code path.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54481","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65463","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6544","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6546","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65451","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54481"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54481","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54481"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234","reference_id":"TALOS-2025-2234","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T19:10:05Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-54481"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4c21-bu1z-gfa3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61073?format=json","vulnerability_id":"VCID-5yws-vf2e-g7ea","summary":"Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 131","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66047","reference_id":"","reference_type":"","scores":[{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35799","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.3572","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35736","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35789","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35759","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66047"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66047","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66047"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863","reference_id":"1122863","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296","reference_id":"TALOS-2025-2296","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-11T19:20:12Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-66047"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5yws-vf2e-g7ea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61076?format=json","vulnerability_id":"VCID-77yh-sjcr-g7ew","summary":"A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22891","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.4059","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40532","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40546","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40585","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40562","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22891"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130889","reference_id":"1130889","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130889"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2361","reference_id":"TALOS-2026-2361","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T15:17:18Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2361"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2026-22891"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-77yh-sjcr-g7ew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61062?format=json","vulnerability_id":"VCID-7jgd-du4c-sbd9","summary":"A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8970 of biosig.c on the current master branch (35a819fa), when the Tag is 63:\r \r                 else if (tag==63) {\r                     uint8_t tag2=255, len2=255;\r \r                     count = 0;\r                     while ((count<len) && !(FlagInfiniteLength && len2==0 && tag2==0)){\r                         curPos += ifread(&tag2,1,1,hdr);\r                         curPos += ifread(&len2,1,1,hdr);\r                         if (VERBOSE_LEVEL==9)\r                             fprintf(stdout,\"MFER: tag=%3i chan=%2i len=%-4i tag2=%3i len2=%3i curPos=%i %li count=%4i\\n\",tag,chan,len,tag2,len2,curPos,iftell(hdr),(int)count);\r \r                         if (FlagInfiniteLength && len2==0 && tag2==0) break;\r \r                         count  += (2+len2);\r                         curPos += ifread(&buf,1,len2,hdr);\r \r Here, the number of bytes read is not the Data Length decoded from the current frame in the file (`len`) but rather is a new length contained in a single octet read from the same input file (`len2`). Despite this, a stack-based buffer overflow condition can still occur, as the destination buffer is still `buf`, which has a size of only 128 bytes, while `len2` can be as large as 255.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54489","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65463","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6544","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6546","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65451","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54489"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54489","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54489"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234","reference_id":"TALOS-2025-2234","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T19:03:04Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-54489"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7jgd-du4c-sbd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61066?format=json","vulnerability_id":"VCID-9c5h-3zvz-8yaf","summary":"A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 9184 of biosig.c on the current master branch (35a819fa), when the Tag is 131:\r \r                 else if (tag==131)    //0x83\r                 {\r                     // Patient Age\r                     if (len!=7) fprintf(stderr,\"Warning MFER tag131 incorrect length %i!=7\\n\",len);\r                     curPos += ifread(buf,1,len,hdr);","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54493","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65463","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6544","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6546","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65451","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54493"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54493","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54493"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234","reference_id":"TALOS-2025-2234","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T18:21:39Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-54493"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9c5h-3zvz-8yaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61058?format=json","vulnerability_id":"VCID-avy4-npdf-1fac","summary":"A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8824 of biosig.c on the current master branch (35a819fa), when the Tag is 11:\r \r                 else if (tag==11)    //0x0B\r                 {\r                     // Fs\r                     if (len>6) fprintf(stderr,\"Warning MFER tag11 incorrect length %i>6\\n\",len);\r                     double  fval;\r                     curPos += ifread(buf,1,len,hdr);","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54486","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65463","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6544","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6546","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65451","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54486"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54486","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54486"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234","reference_id":"TALOS-2025-2234","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T19:06:23Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-54486"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-avy4-npdf-1fac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61039?format=json","vulnerability_id":"VCID-bz75-v3p7-zyfx","summary":"An integer overflow vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ABF file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53518","reference_id":"","reference_type":"","scores":[{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.63021","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62997","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.63015","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.63012","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.6301","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53518"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2231","reference_id":"TALOS-2025-2231","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-25T14:08:49Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2231"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-53518"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bz75-v3p7-zyfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61074?format=json","vulnerability_id":"VCID-ccn2-ja4k-93da","summary":"Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 133","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66048","reference_id":"","reference_type":"","scores":[{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35799","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.3572","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35736","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35789","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35759","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66048"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66048","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66048"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863","reference_id":"1122863","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296","reference_id":"TALOS-2025-2296","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-11T19:20:05Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-66048"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ccn2-ja4k-93da"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61070?format=json","vulnerability_id":"VCID-ct4f-kxhg-6yaj","summary":"Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 64","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66044","reference_id":"","reference_type":"","scores":[{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35799","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.3572","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35736","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35789","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35759","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66044"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66044","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66044"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863","reference_id":"1122863","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296","reference_id":"TALOS-2025-2296","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-11T19:20:33Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-66044"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ct4f-kxhg-6yaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61069?format=json","vulnerability_id":"VCID-erf7-mvc1-3ud5","summary":"Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 3","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66043","reference_id":"","reference_type":"","scores":[{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35799","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.3572","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35736","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35789","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35759","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66043"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863","reference_id":"1122863","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296","reference_id":"TALOS-2025-2296","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-11T19:20:40Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-66043"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-erf7-mvc1-3ud5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61031?format=json","vulnerability_id":"VCID-es1h-jc37-kfaj","summary":"An out-of-bounds read vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-52461","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32368","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.323","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32323","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.324","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.3233","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-52461"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52461","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52461"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2238","reference_id":"TALOS-2025-2238","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-26T20:11:56Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2238"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-52461"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-es1h-jc37-kfaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61056?format=json","vulnerability_id":"VCID-f5kw-jf91-pfhv","summary":"A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8779 of biosig.c on the current master branch (35a819fa), when the Tag is 6:\r \r \t\t\t\telse if (tag==6) \t// 0x06 \"number of sequences\"\r \t\t\t\t{\r \t\t\t\t\t// NRec\r \t\t\t\t\tif (len>4) fprintf(stderr,\"Warning MFER tag6 incorrect length %i>4\\n\",len);\r \t\t\t\t\tcurPos += ifread(buf,1,len,hdr);","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54484","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65463","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6544","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6546","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65451","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54484"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54484","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54484"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234","reference_id":"TALOS-2025-2234","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T19:08:17Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-54484"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f5kw-jf91-pfhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61004?format=json","vulnerability_id":"VCID-fam7-973s-b7bn","summary":"A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22097","reference_id":"","reference_type":"","scores":[{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55828","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55797","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55818","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55823","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55816","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-22097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22097"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-1917","reference_id":"TALOS-2024-1917","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-14T19:07:46Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-1917"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89221?format=json","purl":"pkg:deb/debian/biosig@2.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@2.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89222?format=json","purl":"pkg:deb/debian/biosig@3.9.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14cy-t8he-rfam"},{"vulnerability":"VCID-25ka-1vtj-akec"},{"vulnerability":"VCID-4c21-bu1z-gfa3"},{"vulnerability":"VCID-5yws-vf2e-g7ea"},{"vulnerability":"VCID-77yh-sjcr-g7ew"},{"vulnerability":"VCID-7jgd-du4c-sbd9"},{"vulnerability":"VCID-9c5h-3zvz-8yaf"},{"vulnerability":"VCID-avy4-npdf-1fac"},{"vulnerability":"VCID-bz75-v3p7-zyfx"},{"vulnerability":"VCID-ccn2-ja4k-93da"},{"vulnerability":"VCID-ct4f-kxhg-6yaj"},{"vulnerability":"VCID-erf7-mvc1-3ud5"},{"vulnerability":"VCID-es1h-jc37-kfaj"},{"vulnerability":"VCID-f5kw-jf91-pfhv"},{"vulnerability":"VCID-h3m9-et77-63cr"},{"vulnerability":"VCID-kjq6-mknn-zkc8"},{"vulnerability":"VCID-n7qk-y7wk-2qay"},{"vulnerability":"VCID-n9t6-f7cp-4qea"},{"vulnerability":"VCID-nays-6gvv-vydf"},{"vulnerability":"VCID-pjxk-jkhf-3kht"},{"vulnerability":"VCID-pvjx-yb22-8bdj"},{"vulnerability":"VCID-q15c-qb7u-8kap"},{"vulnerability":"VCID-qkga-9ghw-myhb"},{"vulnerability":"VCID-rjn3-66t6-duga"},{"vulnerability":"VCID-s8ms-2ajs-9bdw"},{"vulnerability":"VCID-sewz-kc8g-hfc8"},{"vulnerability":"VCID-sjxx-rpbd-2ud4"},{"vulnerability":"VCID-spbn-21cs-y3g8"},{"vulnerability":"VCID-sw6e-8t33-n7f4"},{"vulnerability":"VCID-uh56-6uz5-jyg1"},{"vulnerability":"VCID-ws3r-dtag-2kcb"},{"vulnerability":"VCID-y7b7-5qph-w3hq"},{"vulnerability":"VCID-ysjd-drmj-2qe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2024-22097"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fam7-973s-b7bn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61026?format=json","vulnerability_id":"VCID-h3m9-et77-63cr","summary":"A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46411","reference_id":"","reference_type":"","scores":[{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.5856","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58538","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58553","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58551","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58552","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46411"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46411"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2236","reference_id":"TALOS-2025-2236","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-26T20:03:59Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2236"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-46411"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h3m9-et77-63cr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61012?format=json","vulnerability_id":"VCID-h9gj-mgcs-8yak","summary":"A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23310","reference_id":"","reference_type":"","scores":[{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.68111","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.68118","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.6811","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.68095","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23310"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923","reference_id":"TALOS-2024-1923","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:30:36Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89221?format=json","purl":"pkg:deb/debian/biosig@2.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@2.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89222?format=json","purl":"pkg:deb/debian/biosig@3.9.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14cy-t8he-rfam"},{"vulnerability":"VCID-25ka-1vtj-akec"},{"vulnerability":"VCID-4c21-bu1z-gfa3"},{"vulnerability":"VCID-5yws-vf2e-g7ea"},{"vulnerability":"VCID-77yh-sjcr-g7ew"},{"vulnerability":"VCID-7jgd-du4c-sbd9"},{"vulnerability":"VCID-9c5h-3zvz-8yaf"},{"vulnerability":"VCID-avy4-npdf-1fac"},{"vulnerability":"VCID-bz75-v3p7-zyfx"},{"vulnerability":"VCID-ccn2-ja4k-93da"},{"vulnerability":"VCID-ct4f-kxhg-6yaj"},{"vulnerability":"VCID-erf7-mvc1-3ud5"},{"vulnerability":"VCID-es1h-jc37-kfaj"},{"vulnerability":"VCID-f5kw-jf91-pfhv"},{"vulnerability":"VCID-h3m9-et77-63cr"},{"vulnerability":"VCID-kjq6-mknn-zkc8"},{"vulnerability":"VCID-n7qk-y7wk-2qay"},{"vulnerability":"VCID-n9t6-f7cp-4qea"},{"vulnerability":"VCID-nays-6gvv-vydf"},{"vulnerability":"VCID-pjxk-jkhf-3kht"},{"vulnerability":"VCID-pvjx-yb22-8bdj"},{"vulnerability":"VCID-q15c-qb7u-8kap"},{"vulnerability":"VCID-qkga-9ghw-myhb"},{"vulnerability":"VCID-rjn3-66t6-duga"},{"vulnerability":"VCID-s8ms-2ajs-9bdw"},{"vulnerability":"VCID-sewz-kc8g-hfc8"},{"vulnerability":"VCID-sjxx-rpbd-2ud4"},{"vulnerability":"VCID-spbn-21cs-y3g8"},{"vulnerability":"VCID-sw6e-8t33-n7f4"},{"vulnerability":"VCID-uh56-6uz5-jyg1"},{"vulnerability":"VCID-ws3r-dtag-2kcb"},{"vulnerability":"VCID-y7b7-5qph-w3hq"},{"vulnerability":"VCID-ysjd-drmj-2qe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2024-23310"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h9gj-mgcs-8yak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61068?format=json","vulnerability_id":"VCID-kjq6-mknn-zkc8","summary":"An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (5462afb0). A specially crafted .abf file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64736","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11053","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10936","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10951","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11059","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11017","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64736"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64736","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64736"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130889","reference_id":"1130889","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130889"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2323","reference_id":"TALOS-2025-2323","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T15:18:10Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2323"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-64736"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kjq6-mknn-zkc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61028?format=json","vulnerability_id":"VCID-n7qk-y7wk-2qay","summary":"A heap-based buffer overflow vulnerability exists in the RHS2000 parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted RHS2000 file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48005","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65463","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6544","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6546","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65451","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48005"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2240","reference_id":"TALOS-2025-2240","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T19:10:46Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2240"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-48005"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n7qk-y7wk-2qay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61041?format=json","vulnerability_id":"VCID-n9t6-f7cp-4qea","summary":"A heap-based buffer overflow vulnerability exists in the ISHNE parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ISHNE ECG annotations file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53853","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65463","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6544","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6546","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65451","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53853"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53853","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53853"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2232","reference_id":"TALOS-2025-2232","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T18:20:07Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2232"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-53853"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n9t6-f7cp-4qea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61064?format=json","vulnerability_id":"VCID-nays-6gvv-vydf","summary":"A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 9191 of biosig.c on the current master branch (35a819fa), when the Tag is 65:\r \r                 else if (tag==65)     //0x41: patient event\r                 {\r                     // event table\r \r                     curPos += ifread(buf,1,len,hdr);","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54491","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65463","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6544","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6546","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65451","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54491"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234","reference_id":"TALOS-2025-2234","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T18:23:30Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-54491"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nays-6gvv-vydf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61022?format=json","vulnerability_id":"VCID-nfk8-x5q4-x7h3","summary":"A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23809","reference_id":"","reference_type":"","scores":[{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55828","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55797","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55818","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55823","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55816","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23809"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919","reference_id":"TALOS-2024-1919","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-07-26T18:23:21Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89221?format=json","purl":"pkg:deb/debian/biosig@2.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@2.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89222?format=json","purl":"pkg:deb/debian/biosig@3.9.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14cy-t8he-rfam"},{"vulnerability":"VCID-25ka-1vtj-akec"},{"vulnerability":"VCID-4c21-bu1z-gfa3"},{"vulnerability":"VCID-5yws-vf2e-g7ea"},{"vulnerability":"VCID-77yh-sjcr-g7ew"},{"vulnerability":"VCID-7jgd-du4c-sbd9"},{"vulnerability":"VCID-9c5h-3zvz-8yaf"},{"vulnerability":"VCID-avy4-npdf-1fac"},{"vulnerability":"VCID-bz75-v3p7-zyfx"},{"vulnerability":"VCID-ccn2-ja4k-93da"},{"vulnerability":"VCID-ct4f-kxhg-6yaj"},{"vulnerability":"VCID-erf7-mvc1-3ud5"},{"vulnerability":"VCID-es1h-jc37-kfaj"},{"vulnerability":"VCID-f5kw-jf91-pfhv"},{"vulnerability":"VCID-h3m9-et77-63cr"},{"vulnerability":"VCID-kjq6-mknn-zkc8"},{"vulnerability":"VCID-n7qk-y7wk-2qay"},{"vulnerability":"VCID-n9t6-f7cp-4qea"},{"vulnerability":"VCID-nays-6gvv-vydf"},{"vulnerability":"VCID-pjxk-jkhf-3kht"},{"vulnerability":"VCID-pvjx-yb22-8bdj"},{"vulnerability":"VCID-q15c-qb7u-8kap"},{"vulnerability":"VCID-qkga-9ghw-myhb"},{"vulnerability":"VCID-rjn3-66t6-duga"},{"vulnerability":"VCID-s8ms-2ajs-9bdw"},{"vulnerability":"VCID-sewz-kc8g-hfc8"},{"vulnerability":"VCID-sjxx-rpbd-2ud4"},{"vulnerability":"VCID-spbn-21cs-y3g8"},{"vulnerability":"VCID-sw6e-8t33-n7f4"},{"vulnerability":"VCID-uh56-6uz5-jyg1"},{"vulnerability":"VCID-ws3r-dtag-2kcb"},{"vulnerability":"VCID-y7b7-5qph-w3hq"},{"vulnerability":"VCID-ysjd-drmj-2qe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2024-23809"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nfk8-x5q4-x7h3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61057?format=json","vulnerability_id":"VCID-pjxk-jkhf-3kht","summary":"A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8785 of biosig.c on the current master branch (35a819fa), when the Tag is 8:\r \r                 else if (tag==8) {\r                     if (len>2) fprintf(stderr,\"Warning MFER tag8 incorrect length %i>2\\n\",len);\r                     curPos += ifread(buf,1,len,hdr);","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54485","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65463","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6544","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6546","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65451","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54485"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54485","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54485"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234","reference_id":"TALOS-2025-2234","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T19:07:36Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-54485"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pjxk-jkhf-3kht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61072?format=json","vulnerability_id":"VCID-pvjx-yb22-8bdj","summary":"Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 67","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66046","reference_id":"","reference_type":"","scores":[{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35799","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.3572","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35736","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35789","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35759","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66046"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66046","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66046"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863","reference_id":"1122863","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296","reference_id":"TALOS-2025-2296","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-11T19:20:19Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-66046"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pvjx-yb22-8bdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61075?format=json","vulnerability_id":"VCID-q15c-qb7u-8kap","summary":"A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-20777","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.4059","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40532","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40546","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40585","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40562","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-20777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20777"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130889","reference_id":"1130889","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130889"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2362","reference_id":"TALOS-2026-2362","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-03T15:13:53Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2362"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2026-20777"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q15c-qb7u-8kap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61001?format=json","vulnerability_id":"VCID-q7dz-z3u1-j3hx","summary":"An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21812","reference_id":"","reference_type":"","scores":[{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55222","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55229","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.5522","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.55201","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21812"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-1921","reference_id":"TALOS-2024-1921","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-02-20T17:54:09Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-1921"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89221?format=json","purl":"pkg:deb/debian/biosig@2.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@2.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89222?format=json","purl":"pkg:deb/debian/biosig@3.9.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14cy-t8he-rfam"},{"vulnerability":"VCID-25ka-1vtj-akec"},{"vulnerability":"VCID-4c21-bu1z-gfa3"},{"vulnerability":"VCID-5yws-vf2e-g7ea"},{"vulnerability":"VCID-77yh-sjcr-g7ew"},{"vulnerability":"VCID-7jgd-du4c-sbd9"},{"vulnerability":"VCID-9c5h-3zvz-8yaf"},{"vulnerability":"VCID-avy4-npdf-1fac"},{"vulnerability":"VCID-bz75-v3p7-zyfx"},{"vulnerability":"VCID-ccn2-ja4k-93da"},{"vulnerability":"VCID-ct4f-kxhg-6yaj"},{"vulnerability":"VCID-erf7-mvc1-3ud5"},{"vulnerability":"VCID-es1h-jc37-kfaj"},{"vulnerability":"VCID-f5kw-jf91-pfhv"},{"vulnerability":"VCID-h3m9-et77-63cr"},{"vulnerability":"VCID-kjq6-mknn-zkc8"},{"vulnerability":"VCID-n7qk-y7wk-2qay"},{"vulnerability":"VCID-n9t6-f7cp-4qea"},{"vulnerability":"VCID-nays-6gvv-vydf"},{"vulnerability":"VCID-pjxk-jkhf-3kht"},{"vulnerability":"VCID-pvjx-yb22-8bdj"},{"vulnerability":"VCID-q15c-qb7u-8kap"},{"vulnerability":"VCID-qkga-9ghw-myhb"},{"vulnerability":"VCID-rjn3-66t6-duga"},{"vulnerability":"VCID-s8ms-2ajs-9bdw"},{"vulnerability":"VCID-sewz-kc8g-hfc8"},{"vulnerability":"VCID-sjxx-rpbd-2ud4"},{"vulnerability":"VCID-spbn-21cs-y3g8"},{"vulnerability":"VCID-sw6e-8t33-n7f4"},{"vulnerability":"VCID-uh56-6uz5-jyg1"},{"vulnerability":"VCID-ws3r-dtag-2kcb"},{"vulnerability":"VCID-y7b7-5qph-w3hq"},{"vulnerability":"VCID-ysjd-drmj-2qe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2024-21812"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q7dz-z3u1-j3hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61036?format=json","vulnerability_id":"VCID-qkga-9ghw-myhb","summary":"A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53511","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65463","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6544","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6546","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65451","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53511"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2237","reference_id":"TALOS-2025-2237","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-26T20:09:42Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2237"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-53511"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qkga-9ghw-myhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61060?format=json","vulnerability_id":"VCID-rjn3-66t6-duga","summary":"A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8842 of biosig.c on the current master branch (35a819fa), when the Tag is 12:\r \r                 else if (tag==12)    //0x0C\r                 {\r                     // sampling resolution\r                     if (len>6) fprintf(stderr,\"Warning MFER tag12 incorrect length %i>6\\n\",len);\r                     val32   = 0;\r                     int8_t  v8;\r                     curPos += ifread(&UnitCode,1,1,hdr);\r                     curPos += ifread(&v8,1,1,hdr);\r                     curPos += ifread(buf,1,len-2,hdr);\r \r In addition to values of `len` greater than 130 triggering a buffer overflow, a value of `len` smaller than 2 will also trigger a buffer overflow due to an integer underflow when computing `len-2` in this code path.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54487","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65463","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6544","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6546","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65451","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54487"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234","reference_id":"TALOS-2025-2234","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T19:04:54Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-54487"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rjn3-66t6-duga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61061?format=json","vulnerability_id":"VCID-s8ms-2ajs-9bdw","summary":"A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8850 of biosig.c on the current master branch (35a819fa), when the Tag is 13:\r \r                 else if (tag==13) {\r                     if (len>8) fprintf(stderr,\"Warning MFER tag13 incorrect length %i>8\\n\",len);\r                     curPos += ifread(&buf,1,len,hdr);","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54488","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65463","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6544","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6546","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65451","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54488"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234","reference_id":"TALOS-2025-2234","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T19:03:57Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-54488"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s8ms-2ajs-9bdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61034?format=json","vulnerability_id":"VCID-sewz-kc8g-hfc8","summary":"An integer overflow vulnerability exists in the GDF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted GDF file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-52581","reference_id":"","reference_type":"","scores":[{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.63021","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62997","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.63015","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.63012","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.6301","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-52581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52581"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2233","reference_id":"TALOS-2025-2233","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T15:58:15Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2233"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-52581"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sewz-kc8g-hfc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61065?format=json","vulnerability_id":"VCID-sjxx-rpbd-2ud4","summary":"A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 9141 of biosig.c on the current master branch (35a819fa), when the Tag is 67:\r \r                 else if (tag==67)     //0x43: Sample skew\r                 {\r                     int skew=0;     // [1]\r                     curPos += ifread(&skew, 1, len,hdr);\r \r In this case, the address of the newly-defined integer `skew` \\[1\\] is overflowed instead of `buf`. This means a stack overflow can occur using much smaller values of `len` in this code path.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54492","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65463","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6544","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6546","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65451","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54492"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54492"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234","reference_id":"TALOS-2025-2234","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T18:22:41Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-54492"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sjxx-rpbd-2ud4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61043?format=json","vulnerability_id":"VCID-spbn-21cs-y3g8","summary":"A heap-based buffer overflow vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54462","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65463","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6544","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6546","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65451","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54462"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54462","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54462"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2239","reference_id":"TALOS-2025-2239","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-26T20:17:06Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2239"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-54462"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-spbn-21cs-y3g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61051?format=json","vulnerability_id":"VCID-sw6e-8t33-n7f4","summary":"A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8751 of biosig.c on the current master branch (35a819fa), when the Tag is 4:\r \r \t\t\t\telse if (tag==4) {\r \t\t\t\t\t// SPR\r \t\t\t\t\tif (len>4) fprintf(stderr,\"Warning MFER tag4 incorrect length %i>4\\n\",len);\r \t\t\t\t\tcurPos += ifread(buf,1,len,hdr);","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54482","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65463","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6544","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6546","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65451","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54482"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54482","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54482"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234","reference_id":"TALOS-2025-2234","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T19:09:29Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-54482"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sw6e-8t33-n7f4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61053?format=json","vulnerability_id":"VCID-uh56-6uz5-jyg1","summary":"A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8759 of biosig.c on the current master branch (35a819fa), when the Tag is 5:\r \r \t\t\t\telse if (tag==5)     //0x05: number of channels\r \t\t\t\t{\r \t\t\t\t\tuint16_t oldNS=hdr->NS;\r \t\t\t\t\tif (len>4) fprintf(stderr,\"Warning MFER tag5 incorrect length %i>4\\n\",len);\r \t\t\t\t\tcurPos += ifread(buf,1,len,hdr);","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54483","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65463","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6544","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6546","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65451","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54483"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54483","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54483"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234","reference_id":"TALOS-2025-2234","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T19:08:56Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-54483"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uh56-6uz5-jyg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61063?format=json","vulnerability_id":"VCID-ws3r-dtag-2kcb","summary":"A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 9090 of biosig.c on the current master branch (35a819fa), when the Tag is 64:\r \r                 else if (tag==64)     //0x40\r                 {\r                     // preamble\r                     char tmp[256];  // [1]\r                     curPos += ifread(tmp,1,len,hdr);\r \r In this case, the overflowed buffer is the newly-declared `tmp` \\[1\\] instead of `buf`. While `tmp` is larger than `buf`, having a size of 256 bytes, a stack overflow can still occur in cases where `len` is encoded using multiple octets and is greater than 256.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54490","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65463","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6544","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6546","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65451","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54490"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234","reference_id":"TALOS-2025-2234","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T18:57:19Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-54490"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ws3r-dtag-2kcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61019?format=json","vulnerability_id":"VCID-xhxn-uspj-w7ak","summary":"An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23606","reference_id":"","reference_type":"","scores":[{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48707","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48659","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48674","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48698","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48688","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23606"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23606"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-1925","reference_id":"TALOS-2024-1925","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-02-20T18:23:56Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-1925"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89221?format=json","purl":"pkg:deb/debian/biosig@2.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@2.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89222?format=json","purl":"pkg:deb/debian/biosig@3.9.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14cy-t8he-rfam"},{"vulnerability":"VCID-25ka-1vtj-akec"},{"vulnerability":"VCID-4c21-bu1z-gfa3"},{"vulnerability":"VCID-5yws-vf2e-g7ea"},{"vulnerability":"VCID-77yh-sjcr-g7ew"},{"vulnerability":"VCID-7jgd-du4c-sbd9"},{"vulnerability":"VCID-9c5h-3zvz-8yaf"},{"vulnerability":"VCID-avy4-npdf-1fac"},{"vulnerability":"VCID-bz75-v3p7-zyfx"},{"vulnerability":"VCID-ccn2-ja4k-93da"},{"vulnerability":"VCID-ct4f-kxhg-6yaj"},{"vulnerability":"VCID-erf7-mvc1-3ud5"},{"vulnerability":"VCID-es1h-jc37-kfaj"},{"vulnerability":"VCID-f5kw-jf91-pfhv"},{"vulnerability":"VCID-h3m9-et77-63cr"},{"vulnerability":"VCID-kjq6-mknn-zkc8"},{"vulnerability":"VCID-n7qk-y7wk-2qay"},{"vulnerability":"VCID-n9t6-f7cp-4qea"},{"vulnerability":"VCID-nays-6gvv-vydf"},{"vulnerability":"VCID-pjxk-jkhf-3kht"},{"vulnerability":"VCID-pvjx-yb22-8bdj"},{"vulnerability":"VCID-q15c-qb7u-8kap"},{"vulnerability":"VCID-qkga-9ghw-myhb"},{"vulnerability":"VCID-rjn3-66t6-duga"},{"vulnerability":"VCID-s8ms-2ajs-9bdw"},{"vulnerability":"VCID-sewz-kc8g-hfc8"},{"vulnerability":"VCID-sjxx-rpbd-2ud4"},{"vulnerability":"VCID-spbn-21cs-y3g8"},{"vulnerability":"VCID-sw6e-8t33-n7f4"},{"vulnerability":"VCID-uh56-6uz5-jyg1"},{"vulnerability":"VCID-ws3r-dtag-2kcb"},{"vulnerability":"VCID-y7b7-5qph-w3hq"},{"vulnerability":"VCID-ysjd-drmj-2qe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2024-23606"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xhxn-uspj-w7ak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61045?format=json","vulnerability_id":"VCID-y7b7-5qph-w3hq","summary":"A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8719 of biosig.c on the current master branch (35a819fa), when the Tag is 0:\r \r \t\t\t\tif (tag==0) {\r \t\t\t\t\tif (len!=1) fprintf(stderr,\"Warning MFER tag0 incorrect length %i!=1\\n\",len);\r \t\t\t\t\tcurPos += ifread(buf,1,len,hdr);\r \t\t\t\t}","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54480","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65463","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6544","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6546","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65451","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54480"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234","reference_id":"TALOS-2025-2234","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-26T20:03:33Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-54480"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y7b7-5qph-w3hq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61008?format=json","vulnerability_id":"VCID-ysd9-636j-dkay","summary":"An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vmrk file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23305","reference_id":"","reference_type":"","scores":[{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74684","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74655","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74681","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74679","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74672","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23305"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-1918","reference_id":"TALOS-2024-1918","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-07-26T18:28:05Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-1918"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89221?format=json","purl":"pkg:deb/debian/biosig@2.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@2.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89222?format=json","purl":"pkg:deb/debian/biosig@3.9.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14cy-t8he-rfam"},{"vulnerability":"VCID-25ka-1vtj-akec"},{"vulnerability":"VCID-4c21-bu1z-gfa3"},{"vulnerability":"VCID-5yws-vf2e-g7ea"},{"vulnerability":"VCID-77yh-sjcr-g7ew"},{"vulnerability":"VCID-7jgd-du4c-sbd9"},{"vulnerability":"VCID-9c5h-3zvz-8yaf"},{"vulnerability":"VCID-avy4-npdf-1fac"},{"vulnerability":"VCID-bz75-v3p7-zyfx"},{"vulnerability":"VCID-ccn2-ja4k-93da"},{"vulnerability":"VCID-ct4f-kxhg-6yaj"},{"vulnerability":"VCID-erf7-mvc1-3ud5"},{"vulnerability":"VCID-es1h-jc37-kfaj"},{"vulnerability":"VCID-f5kw-jf91-pfhv"},{"vulnerability":"VCID-h3m9-et77-63cr"},{"vulnerability":"VCID-kjq6-mknn-zkc8"},{"vulnerability":"VCID-n7qk-y7wk-2qay"},{"vulnerability":"VCID-n9t6-f7cp-4qea"},{"vulnerability":"VCID-nays-6gvv-vydf"},{"vulnerability":"VCID-pjxk-jkhf-3kht"},{"vulnerability":"VCID-pvjx-yb22-8bdj"},{"vulnerability":"VCID-q15c-qb7u-8kap"},{"vulnerability":"VCID-qkga-9ghw-myhb"},{"vulnerability":"VCID-rjn3-66t6-duga"},{"vulnerability":"VCID-s8ms-2ajs-9bdw"},{"vulnerability":"VCID-sewz-kc8g-hfc8"},{"vulnerability":"VCID-sjxx-rpbd-2ud4"},{"vulnerability":"VCID-spbn-21cs-y3g8"},{"vulnerability":"VCID-sw6e-8t33-n7f4"},{"vulnerability":"VCID-uh56-6uz5-jyg1"},{"vulnerability":"VCID-ws3r-dtag-2kcb"},{"vulnerability":"VCID-y7b7-5qph-w3hq"},{"vulnerability":"VCID-ysjd-drmj-2qe4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2024-23305"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ysd9-636j-dkay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61040?format=json","vulnerability_id":"VCID-ysjd-drmj-2qe4","summary":"A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53557","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65463","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6544","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.6546","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65451","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53557"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53557","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53557"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133","reference_id":"1112133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2235","reference_id":"TALOS-2025-2235","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-25T18:39:54Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2235"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89220?format=json","purl":"pkg:deb/debian/biosig@3.9.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie"}],"aliases":["CVE-2025-53557"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ysjd-drmj-2qe4"}],"fixing_vulnerabilities":[],"risk_score":"3.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@2.1.2-4%3Fdistro=trixie"}