Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/89219?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/89219?format=api", "purl": "pkg:deb/debian/biosig@2.5.0-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "biosig", "version": "2.5.0-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.6.0-1", "latest_non_vulnerable_version": "3.9.5-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61071?format=api", "vulnerability_id": "VCID-14cy-t8he-rfam", "summary": "Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 65", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66045", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35799", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.3572", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35736", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35789", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35759", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66045" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66045", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66045" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863", "reference_id": "1122863", "reference_type": "", 
"scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296", "reference_id": "TALOS-2025-2296", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-11T19:20:26Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-66045" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-14cy-t8he-rfam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61067?format=api", "vulnerability_id": "VCID-25ka-1vtj-akec", "summary": "A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. 
An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 9205 of biosig.c on the current master branch (35a819fa), when the Tag is 133:\r \r else if (tag==133) //0x85\r {\r curPos += ifread(buf,1,len,hdr);", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54494", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65463", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6544", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6546", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65452", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65451", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54494" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54494", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54494" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234", "reference_id": "TALOS-2025-2234", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T18:21:09Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234" } ], 
"fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-54494" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-25ka-1vtj-akec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60998?format=api", "vulnerability_id": "VCID-2md4-431b-2fh4", "summary": "A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .egi file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01273", "scoring_system": "epss", "scoring_elements": "0.79897", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01273", "scoring_system": "epss", "scoring_elements": "0.79902", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01273", "scoring_system": "epss", "scoring_elements": "0.79886", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01273", "scoring_system": "epss", "scoring_elements": "0.79905", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21795" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1920", "reference_id": "TALOS-2024-1920", 
"reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:31:36Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1920" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89221?format=api", "purl": "pkg:deb/debian/biosig@2.6.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@2.6.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/89222?format=api", "purl": "pkg:deb/debian/biosig@3.9.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14cy-t8he-rfam" }, { "vulnerability": "VCID-25ka-1vtj-akec" }, { "vulnerability": "VCID-4c21-bu1z-gfa3" }, { "vulnerability": "VCID-5yws-vf2e-g7ea" }, { "vulnerability": "VCID-77yh-sjcr-g7ew" }, { "vulnerability": "VCID-7jgd-du4c-sbd9" }, { "vulnerability": "VCID-9c5h-3zvz-8yaf" }, { "vulnerability": "VCID-avy4-npdf-1fac" }, { "vulnerability": "VCID-bz75-v3p7-zyfx" }, { "vulnerability": "VCID-ccn2-ja4k-93da" }, { "vulnerability": "VCID-ct4f-kxhg-6yaj" }, { "vulnerability": "VCID-erf7-mvc1-3ud5" }, { "vulnerability": "VCID-es1h-jc37-kfaj" }, { "vulnerability": "VCID-f5kw-jf91-pfhv" }, { "vulnerability": "VCID-h3m9-et77-63cr" }, { "vulnerability": "VCID-kjq6-mknn-zkc8" }, { "vulnerability": "VCID-n7qk-y7wk-2qay" }, { "vulnerability": "VCID-n9t6-f7cp-4qea" }, { "vulnerability": "VCID-nays-6gvv-vydf" }, { "vulnerability": "VCID-pjxk-jkhf-3kht" }, { "vulnerability": "VCID-pvjx-yb22-8bdj" }, { "vulnerability": "VCID-q15c-qb7u-8kap" }, { "vulnerability": "VCID-qkga-9ghw-myhb" }, { "vulnerability": "VCID-rjn3-66t6-duga" }, { "vulnerability": "VCID-s8ms-2ajs-9bdw" }, { "vulnerability": 
"VCID-sewz-kc8g-hfc8" }, { "vulnerability": "VCID-sjxx-rpbd-2ud4" }, { "vulnerability": "VCID-spbn-21cs-y3g8" }, { "vulnerability": "VCID-sw6e-8t33-n7f4" }, { "vulnerability": "VCID-uh56-6uz5-jyg1" }, { "vulnerability": "VCID-ws3r-dtag-2kcb" }, { "vulnerability": "VCID-y7b7-5qph-w3hq" }, { "vulnerability": "VCID-ysjd-drmj-2qe4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-21795" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2md4-431b-2fh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61015?format=api", "vulnerability_id": "VCID-3zrc-8yrv-b3fb", "summary": "An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. 
An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23313", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01617", "scoring_system": "epss", "scoring_elements": "0.82174", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01617", "scoring_system": "epss", "scoring_elements": "0.82169", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01617", "scoring_system": "epss", "scoring_elements": "0.82183", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.01617", "scoring_system": "epss", "scoring_elements": "0.82172", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01617", "scoring_system": "epss", "scoring_elements": "0.82176", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23313" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23313", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23313" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1922", "reference_id": "TALOS-2024-1922", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-13T13:38:45Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1922" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89221?format=api", "purl": "pkg:deb/debian/biosig@2.6.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@2.6.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/89222?format=api", "purl": 
"pkg:deb/debian/biosig@3.9.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14cy-t8he-rfam" }, { "vulnerability": "VCID-25ka-1vtj-akec" }, { "vulnerability": "VCID-4c21-bu1z-gfa3" }, { "vulnerability": "VCID-5yws-vf2e-g7ea" }, { "vulnerability": "VCID-77yh-sjcr-g7ew" }, { "vulnerability": "VCID-7jgd-du4c-sbd9" }, { "vulnerability": "VCID-9c5h-3zvz-8yaf" }, { "vulnerability": "VCID-avy4-npdf-1fac" }, { "vulnerability": "VCID-bz75-v3p7-zyfx" }, { "vulnerability": "VCID-ccn2-ja4k-93da" }, { "vulnerability": "VCID-ct4f-kxhg-6yaj" }, { "vulnerability": "VCID-erf7-mvc1-3ud5" }, { "vulnerability": "VCID-es1h-jc37-kfaj" }, { "vulnerability": "VCID-f5kw-jf91-pfhv" }, { "vulnerability": "VCID-h3m9-et77-63cr" }, { "vulnerability": "VCID-kjq6-mknn-zkc8" }, { "vulnerability": "VCID-n7qk-y7wk-2qay" }, { "vulnerability": "VCID-n9t6-f7cp-4qea" }, { "vulnerability": "VCID-nays-6gvv-vydf" }, { "vulnerability": "VCID-pjxk-jkhf-3kht" }, { "vulnerability": "VCID-pvjx-yb22-8bdj" }, { "vulnerability": "VCID-q15c-qb7u-8kap" }, { "vulnerability": "VCID-qkga-9ghw-myhb" }, { "vulnerability": "VCID-rjn3-66t6-duga" }, { "vulnerability": "VCID-s8ms-2ajs-9bdw" }, { "vulnerability": "VCID-sewz-kc8g-hfc8" }, { "vulnerability": "VCID-sjxx-rpbd-2ud4" }, { "vulnerability": "VCID-spbn-21cs-y3g8" }, { "vulnerability": "VCID-sw6e-8t33-n7f4" }, { "vulnerability": "VCID-uh56-6uz5-jyg1" }, { "vulnerability": "VCID-ws3r-dtag-2kcb" }, { "vulnerability": "VCID-y7b7-5qph-w3hq" }, { "vulnerability": "VCID-ysjd-drmj-2qe4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-23313" ], 
"risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3zrc-8yrv-b3fb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61048?format=api", "vulnerability_id": "VCID-4c21-bu1z-gfa3", "summary": "A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8744 of biosig.c on the current master branch (35a819fa), when the Tag is 3:\r \r \t\t\t\telse if (tag==3) {\r \t\t\t\t\t// character code\r \t\t\t\t\tchar v[17];\t\t// [1]\r \t\t\t\t\tif (len>16) fprintf(stderr,\"Warning MFER tag2 incorrect length %i>16\\n\",len);\r \t\t\t\t\tcurPos += ifread(&v,1,len,hdr);\r \t\t\t\t\tv[len] = 0;\r \r In this case, the overflowed buffer is the newly-declared `v` \\[1\\] instead of `buf`. 
Since `v` is only 17 bytes large, much smaller values of `len` (even those encoded using a single octet) can trigger an overflow in this code path.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54481", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65463", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6544", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6546", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65452", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65451", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54481" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54481", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54481" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234", "reference_id": "TALOS-2025-2234", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T19:10:05Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": 
"pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-54481" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4c21-bu1z-gfa3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61073?format=api", "vulnerability_id": "VCID-5yws-vf2e-g7ea", "summary": "Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 131", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66047", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35799", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.3572", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35736", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35789", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35759", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66047" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66047", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66047" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863", "reference_id": "1122863", "reference_type": 
"", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296", "reference_id": "TALOS-2025-2296", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-11T19:20:12Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-66047" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5yws-vf2e-g7ea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61076?format=api", "vulnerability_id": "VCID-77yh-sjcr-g7ew", "summary": "A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted Intan CLP file can lead to arbitrary code execution. 
An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22891", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.4059", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40532", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40546", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40585", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40562", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22891" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130889", "reference_id": "1130889", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130889" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2361", "reference_id": "TALOS-2026-2361", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-03T15:17:18Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2361" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-22891" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-77yh-sjcr-g7ew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61062?format=api", "vulnerability_id": "VCID-7jgd-du4c-sbd9", "summary": "A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8970 of biosig.c on the current master branch (35a819fa), when the Tag is 63:\r \r else if (tag==63) {\r uint8_t tag2=255, len2=255;\r \r count = 0;\r while ((count<len) && !(FlagInfiniteLength && len2==0 && tag2==0)){\r curPos += ifread(&tag2,1,1,hdr);\r curPos += ifread(&len2,1,1,hdr);\r if (VERBOSE_LEVEL==9)\r fprintf(stdout,\"MFER: tag=%3i chan=%2i len=%-4i tag2=%3i len2=%3i curPos=%i %li count=%4i\\n\",tag,chan,len,tag2,len2,curPos,iftell(hdr),(int)count);\r \r if (FlagInfiniteLength && len2==0 && tag2==0) break;\r \r count += (2+len2);\r curPos += ifread(&buf,1,len2,hdr);\r \r Here, the number of bytes read is not the Data Length decoded from the current frame in the file (`len`) but rather is a new length contained in a single octet read from the same input file (`len2`). 
Despite this, a stack-based buffer overflow condition can still occur, as the destination buffer is still `buf`, which has a size of only 128 bytes, while `len2` can be as large as 255.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54489", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65463", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6544", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6546", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65452", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65451", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54489" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54489", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54489" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234", "reference_id": "TALOS-2025-2234", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T19:03:04Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-54489" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7jgd-du4c-sbd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61066?format=api", "vulnerability_id": "VCID-9c5h-3zvz-8yaf", "summary": "A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 9184 of biosig.c on the current master branch (35a819fa), when the Tag is 131:\r \r else if (tag==131) //0x83\r {\r // Patient Age\r if (len!=7) fprintf(stderr,\"Warning MFER tag131 incorrect length %i!=7\\n\",len);\r curPos += ifread(buf,1,len,hdr);", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54493", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65463", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6544", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6546", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65452", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65451", "published_at": "2026-06-07T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2025-54493" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54493", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54493" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234", "reference_id": "TALOS-2025-2234", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T18:21:39Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-54493" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9c5h-3zvz-8yaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61058?format=api", "vulnerability_id": "VCID-avy4-npdf-1fac", "summary": "A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. 
An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8824 of biosig.c on the current master branch (35a819fa), when the Tag is 11:\r \r else if (tag==11) //0x0B\r {\r // Fs\r if (len>6) fprintf(stderr,\"Warning MFER tag11 incorrect length %i>6\\n\",len);\r double fval;\r curPos += ifread(buf,1,len,hdr);", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54486", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65463", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6544", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6546", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65452", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65451", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54486" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54486", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54486" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234", "reference_id": "TALOS-2025-2234", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T19:06:23Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-54486" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-avy4-npdf-1fac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61039?format=api", "vulnerability_id": "VCID-bz75-v3p7-zyfx", "summary": "An integer overflow vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ABF file can lead to arbitrary code execution. 
An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53518", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.63021", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62997", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.63015", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.63012", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.6301", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53518" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2231", "reference_id": "TALOS-2025-2231", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-25T14:08:49Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2231" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-53518" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bz75-v3p7-zyfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61074?format=api", "vulnerability_id": "VCID-ccn2-ja4k-93da", "summary": "Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 133", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66048", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35799", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.3572", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35736", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35789", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35759", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66048" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863", "reference_id": "1122863", "reference_type": "", "scores": [], "url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296", "reference_id": "TALOS-2025-2296", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-11T19:20:05Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-66048" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ccn2-ja4k-93da" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61070?format=api", "vulnerability_id": "VCID-ct4f-kxhg-6yaj", "summary": "Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. 
An attacker can provide a malicious file to trigger these vulnerabilities. When Tag is 64", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66044", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35799", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.3572", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35736", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35789", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35759", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66044" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66044", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66044" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863", "reference_id": "1122863", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296", "reference_id": "TALOS-2025-2296", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-11T19:20:33Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-66044" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ct4f-kxhg-6yaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61069?format=api", "vulnerability_id": "VCID-erf7-mvc1-3ud5", "summary": "Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 3", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66043", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35799", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.3572", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35736", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35789", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35759", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66043" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863", "reference_id": "1122863", "reference_type": "", "scores": [], "url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296", "reference_id": "TALOS-2025-2296", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-11T19:20:40Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-66043" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-erf7-mvc1-3ud5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61031?format=api", "vulnerability_id": "VCID-es1h-jc37-kfaj", "summary": "An out-of-bounds read vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to an information leak. 
An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-52461", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32368", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.323", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32323", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.324", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.3233", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-52461" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52461", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52461" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2238", "reference_id": "TALOS-2025-2238", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-26T20:11:56Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2238" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-52461" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-es1h-jc37-kfaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61056?format=api", "vulnerability_id": "VCID-f5kw-jf91-pfhv", "summary": "A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8779 of biosig.c on the current master branch (35a819fa), when the Tag is 6:\r \r \t\t\t\telse if (tag==6) \t// 0x06 \"number of sequences\"\r \t\t\t\t{\r \t\t\t\t\t// NRec\r \t\t\t\t\tif (len>4) fprintf(stderr,\"Warning MFER tag6 incorrect length %i>4\\n\",len);\r \t\t\t\t\tcurPos += ifread(buf,1,len,hdr);", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54484", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65463", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6544", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6546", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65452", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65451", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54484" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54484", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54484" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234", "reference_id": "TALOS-2025-2234", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T19:08:17Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-54484" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f5kw-jf91-pfhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61004?format=api", "vulnerability_id": "VCID-fam7-973s-b7bn", "summary": "A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. A specially crafted .vdhr file can lead to arbitrary code execution. 
An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22097", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55828", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55797", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55818", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55823", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55816", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22097" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1917", "reference_id": "TALOS-2024-1917", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-14T19:07:46Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1917" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89221?format=api", "purl": "pkg:deb/debian/biosig@2.6.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@2.6.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/89222?format=api", "purl": 
"pkg:deb/debian/biosig@3.9.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14cy-t8he-rfam" }, { "vulnerability": "VCID-25ka-1vtj-akec" }, { "vulnerability": "VCID-4c21-bu1z-gfa3" }, { "vulnerability": "VCID-5yws-vf2e-g7ea" }, { "vulnerability": "VCID-77yh-sjcr-g7ew" }, { "vulnerability": "VCID-7jgd-du4c-sbd9" }, { "vulnerability": "VCID-9c5h-3zvz-8yaf" }, { "vulnerability": "VCID-avy4-npdf-1fac" }, { "vulnerability": "VCID-bz75-v3p7-zyfx" }, { "vulnerability": "VCID-ccn2-ja4k-93da" }, { "vulnerability": "VCID-ct4f-kxhg-6yaj" }, { "vulnerability": "VCID-erf7-mvc1-3ud5" }, { "vulnerability": "VCID-es1h-jc37-kfaj" }, { "vulnerability": "VCID-f5kw-jf91-pfhv" }, { "vulnerability": "VCID-h3m9-et77-63cr" }, { "vulnerability": "VCID-kjq6-mknn-zkc8" }, { "vulnerability": "VCID-n7qk-y7wk-2qay" }, { "vulnerability": "VCID-n9t6-f7cp-4qea" }, { "vulnerability": "VCID-nays-6gvv-vydf" }, { "vulnerability": "VCID-pjxk-jkhf-3kht" }, { "vulnerability": "VCID-pvjx-yb22-8bdj" }, { "vulnerability": "VCID-q15c-qb7u-8kap" }, { "vulnerability": "VCID-qkga-9ghw-myhb" }, { "vulnerability": "VCID-rjn3-66t6-duga" }, { "vulnerability": "VCID-s8ms-2ajs-9bdw" }, { "vulnerability": "VCID-sewz-kc8g-hfc8" }, { "vulnerability": "VCID-sjxx-rpbd-2ud4" }, { "vulnerability": "VCID-spbn-21cs-y3g8" }, { "vulnerability": "VCID-sw6e-8t33-n7f4" }, { "vulnerability": "VCID-uh56-6uz5-jyg1" }, { "vulnerability": "VCID-ws3r-dtag-2kcb" }, { "vulnerability": "VCID-y7b7-5qph-w3hq" }, { "vulnerability": "VCID-ysjd-drmj-2qe4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-22097" ], 
"risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fam7-973s-b7bn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61026?format=api", "vulnerability_id": "VCID-h3m9-et77-63cr", "summary": "A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46411", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.5856", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58538", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58553", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58551", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58552", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46411" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46411", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46411" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2236", "reference_id": "TALOS-2025-2236", "reference_type": "", "scores": [ { 
"value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-26T20:03:59Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2236" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-46411" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h3m9-et77-63cr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61012?format=api", "vulnerability_id": "VCID-h9gj-mgcs-8yak", "summary": "A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. 
An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23310", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00543", "scoring_system": "epss", "scoring_elements": "0.68111", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00543", "scoring_system": "epss", "scoring_elements": "0.68118", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00543", "scoring_system": "epss", "scoring_elements": "0.6811", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00543", "scoring_system": "epss", "scoring_elements": "0.68095", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23310" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923", "reference_id": "TALOS-2024-1923", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-26T18:30:36Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89221?format=api", "purl": "pkg:deb/debian/biosig@2.6.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@2.6.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/89222?format=api", "purl": "pkg:deb/debian/biosig@3.9.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-14cy-t8he-rfam" }, { "vulnerability": "VCID-25ka-1vtj-akec" }, { "vulnerability": "VCID-4c21-bu1z-gfa3" }, { "vulnerability": "VCID-5yws-vf2e-g7ea" }, { "vulnerability": "VCID-77yh-sjcr-g7ew" }, { "vulnerability": "VCID-7jgd-du4c-sbd9" }, { "vulnerability": "VCID-9c5h-3zvz-8yaf" }, { "vulnerability": "VCID-avy4-npdf-1fac" }, { "vulnerability": "VCID-bz75-v3p7-zyfx" }, { "vulnerability": "VCID-ccn2-ja4k-93da" }, { "vulnerability": "VCID-ct4f-kxhg-6yaj" }, { "vulnerability": "VCID-erf7-mvc1-3ud5" }, { "vulnerability": "VCID-es1h-jc37-kfaj" }, { "vulnerability": "VCID-f5kw-jf91-pfhv" }, { "vulnerability": "VCID-h3m9-et77-63cr" }, { "vulnerability": "VCID-kjq6-mknn-zkc8" }, { "vulnerability": "VCID-n7qk-y7wk-2qay" }, { "vulnerability": "VCID-n9t6-f7cp-4qea" }, { "vulnerability": "VCID-nays-6gvv-vydf" }, { "vulnerability": "VCID-pjxk-jkhf-3kht" }, { "vulnerability": "VCID-pvjx-yb22-8bdj" }, { "vulnerability": "VCID-q15c-qb7u-8kap" }, { "vulnerability": "VCID-qkga-9ghw-myhb" }, { "vulnerability": "VCID-rjn3-66t6-duga" }, { "vulnerability": "VCID-s8ms-2ajs-9bdw" }, { "vulnerability": "VCID-sewz-kc8g-hfc8" }, { "vulnerability": "VCID-sjxx-rpbd-2ud4" }, { "vulnerability": "VCID-spbn-21cs-y3g8" }, { "vulnerability": "VCID-sw6e-8t33-n7f4" }, { "vulnerability": "VCID-uh56-6uz5-jyg1" }, { "vulnerability": "VCID-ws3r-dtag-2kcb" }, { "vulnerability": "VCID-y7b7-5qph-w3hq" }, { "vulnerability": "VCID-ysjd-drmj-2qe4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-23310" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-h9gj-mgcs-8yak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61068?format=api", "vulnerability_id": "VCID-kjq6-mknn-zkc8", "summary": "An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (5462afb0). A specially crafted .abf file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11053", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10936", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10951", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11059", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11017", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64736" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64736", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64736" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130889", "reference_id": "1130889", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130889" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2323", "reference_id": "TALOS-2025-2323", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T15:18:10Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2323" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-64736" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kjq6-mknn-zkc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61028?format=api", "vulnerability_id": "VCID-n7qk-y7wk-2qay", "summary": "A heap-based buffer overflow vulnerability exists in the RHS2000 parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted RHS2000 file can lead to arbitrary code execution. 
An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65463", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6544", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6546", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65452", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65451", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48005" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2240", "reference_id": "TALOS-2025-2240", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T19:10:46Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2240" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-48005" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n7qk-y7wk-2qay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61041?format=api", "vulnerability_id": "VCID-n9t6-f7cp-4qea", "summary": "A heap-based buffer overflow vulnerability exists in the ISHNE parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ISHNE ECG annotations file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53853", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65463", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6544", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6546", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65452", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65451", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53853" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53853", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53853" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2232", "reference_id": "TALOS-2025-2232", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T18:20:07Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2232" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-53853" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n9t6-f7cp-4qea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61064?format=api", "vulnerability_id": "VCID-nays-6gvv-vydf", "summary": "A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. 
An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 9191 of biosig.c on the current master branch (35a819fa), when the Tag is 65:\r \r else if (tag==65) //0x41: patient event\r {\r // event table\r \r curPos += ifread(buf,1,len,hdr);", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54491", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65463", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6544", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6546", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65452", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65451", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54491" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234", "reference_id": "TALOS-2025-2234", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T18:23:30Z/" } ], "url": 
"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-54491" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nays-6gvv-vydf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61022?format=api", "vulnerability_id": "VCID-nfk8-x5q4-x7h3", "summary": "A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vhdr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23809", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55828", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55797", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55818", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55823", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55816", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23809", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23809" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919", "reference_id": "TALOS-2024-1919", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-07-26T18:23:21Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89221?format=api", "purl": "pkg:deb/debian/biosig@2.6.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@2.6.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/89222?format=api", "purl": "pkg:deb/debian/biosig@3.9.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14cy-t8he-rfam" }, { "vulnerability": "VCID-25ka-1vtj-akec" }, { "vulnerability": "VCID-4c21-bu1z-gfa3" }, { "vulnerability": "VCID-5yws-vf2e-g7ea" }, { "vulnerability": "VCID-77yh-sjcr-g7ew" }, { "vulnerability": "VCID-7jgd-du4c-sbd9" }, { "vulnerability": "VCID-9c5h-3zvz-8yaf" }, { "vulnerability": "VCID-avy4-npdf-1fac" }, { "vulnerability": "VCID-bz75-v3p7-zyfx" }, { "vulnerability": "VCID-ccn2-ja4k-93da" }, { "vulnerability": "VCID-ct4f-kxhg-6yaj" }, { "vulnerability": "VCID-erf7-mvc1-3ud5" }, { "vulnerability": "VCID-es1h-jc37-kfaj" }, { "vulnerability": "VCID-f5kw-jf91-pfhv" }, { "vulnerability": "VCID-h3m9-et77-63cr" }, { "vulnerability": "VCID-kjq6-mknn-zkc8" }, { "vulnerability": "VCID-n7qk-y7wk-2qay" }, { "vulnerability": "VCID-n9t6-f7cp-4qea" }, { "vulnerability": "VCID-nays-6gvv-vydf" }, { "vulnerability": "VCID-pjxk-jkhf-3kht" }, { "vulnerability": "VCID-pvjx-yb22-8bdj" }, { 
"vulnerability": "VCID-q15c-qb7u-8kap" }, { "vulnerability": "VCID-qkga-9ghw-myhb" }, { "vulnerability": "VCID-rjn3-66t6-duga" }, { "vulnerability": "VCID-s8ms-2ajs-9bdw" }, { "vulnerability": "VCID-sewz-kc8g-hfc8" }, { "vulnerability": "VCID-sjxx-rpbd-2ud4" }, { "vulnerability": "VCID-spbn-21cs-y3g8" }, { "vulnerability": "VCID-sw6e-8t33-n7f4" }, { "vulnerability": "VCID-uh56-6uz5-jyg1" }, { "vulnerability": "VCID-ws3r-dtag-2kcb" }, { "vulnerability": "VCID-y7b7-5qph-w3hq" }, { "vulnerability": "VCID-ysjd-drmj-2qe4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-23809" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nfk8-x5q4-x7h3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61057?format=api", "vulnerability_id": "VCID-pjxk-jkhf-3kht", "summary": "A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. 
An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 8785 of biosig.c on the current master branch (35a819fa), when the Tag is 8:\r \r else if (tag==8) {\r if (len>2) fprintf(stderr,\"Warning MFER tag8 incorrect length %i>2\\n\",len);\r curPos += ifread(buf,1,len,hdr);", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54485", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65463", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6544", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6546", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65452", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65451", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54485" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54485", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54485" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234", "reference_id": "TALOS-2025-2234", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T19:07:36Z/" } ], "url": 
"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-54485" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pjxk-jkhf-3kht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61072?format=api", "vulnerability_id": "VCID-pvjx-yb22-8bdj", "summary": "Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities. When Tag is 67", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66046", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35799", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.3572", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35736", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35789", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35759", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66046" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66046", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66046" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863", "reference_id": "1122863", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122863" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296", "reference_id": "TALOS-2025-2296", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-11T19:20:19Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-66046" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pvjx-yb22-8bdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61075?format=api", "vulnerability_id": "VCID-q15c-qb7u-8kap", "summary": "A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to arbitrary code execution. 
An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-20777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.4059", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40532", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40546", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40585", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40562", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-20777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20777" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130889", "reference_id": "1130889", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130889" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2362", "reference_id": "TALOS-2026-2362", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-03T15:13:53Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2362" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-20777" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q15c-qb7u-8kap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61001?format=api", "vulnerability_id": "VCID-q7dz-z3u1-j3hx", "summary": "An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21812", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55222", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55229", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.5522", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55201", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-21812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21812" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1921", "reference_id": "TALOS-2024-1921", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-02-20T17:54:09Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1921" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89221?format=api", "purl": "pkg:deb/debian/biosig@2.6.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@2.6.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/89222?format=api", "purl": "pkg:deb/debian/biosig@3.9.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14cy-t8he-rfam" }, { "vulnerability": "VCID-25ka-1vtj-akec" }, { "vulnerability": "VCID-4c21-bu1z-gfa3" }, { "vulnerability": "VCID-5yws-vf2e-g7ea" }, { "vulnerability": "VCID-77yh-sjcr-g7ew" }, { "vulnerability": "VCID-7jgd-du4c-sbd9" }, { "vulnerability": "VCID-9c5h-3zvz-8yaf" }, { "vulnerability": "VCID-avy4-npdf-1fac" }, { "vulnerability": "VCID-bz75-v3p7-zyfx" }, { "vulnerability": "VCID-ccn2-ja4k-93da" }, { "vulnerability": "VCID-ct4f-kxhg-6yaj" }, { "vulnerability": "VCID-erf7-mvc1-3ud5" }, { "vulnerability": "VCID-es1h-jc37-kfaj" }, { "vulnerability": "VCID-f5kw-jf91-pfhv" }, { "vulnerability": "VCID-h3m9-et77-63cr" }, { "vulnerability": "VCID-kjq6-mknn-zkc8" }, { "vulnerability": "VCID-n7qk-y7wk-2qay" }, { "vulnerability": "VCID-n9t6-f7cp-4qea" }, { "vulnerability": "VCID-nays-6gvv-vydf" }, { "vulnerability": "VCID-pjxk-jkhf-3kht" }, { "vulnerability": "VCID-pvjx-yb22-8bdj" }, { "vulnerability": "VCID-q15c-qb7u-8kap" }, { "vulnerability": "VCID-qkga-9ghw-myhb" }, { "vulnerability": "VCID-rjn3-66t6-duga" }, { "vulnerability": "VCID-s8ms-2ajs-9bdw" }, { "vulnerability": "VCID-sewz-kc8g-hfc8" }, { "vulnerability": "VCID-sjxx-rpbd-2ud4" }, { "vulnerability": "VCID-spbn-21cs-y3g8" }, { 
"vulnerability": "VCID-sw6e-8t33-n7f4" }, { "vulnerability": "VCID-uh56-6uz5-jyg1" }, { "vulnerability": "VCID-ws3r-dtag-2kcb" }, { "vulnerability": "VCID-y7b7-5qph-w3hq" }, { "vulnerability": "VCID-ysjd-drmj-2qe4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-21812" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q7dz-z3u1-j3hx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61036?format=api", "vulnerability_id": "VCID-qkga-9ghw-myhb", "summary": "A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. 
An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53511", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65463", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6544", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6546", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65452", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65451", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53511" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2237", "reference_id": "TALOS-2025-2237", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-26T20:09:42Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2237" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-53511" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qkga-9ghw-myhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61060?format=api", "vulnerability_id": "VCID-rjn3-66t6-duga", "summary": "A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 8842 of biosig.c on the current master branch (35a819fa), when the Tag is 12:\r \r else if (tag==12) //0x0C\r {\r // sampling resolution\r if (len>6) fprintf(stderr,\"Warning MFER tag12 incorrect length %i>6\\n\",len);\r val32 = 0;\r int8_t v8;\r curPos += ifread(&UnitCode,1,1,hdr);\r curPos += ifread(&v8,1,1,hdr);\r curPos += ifread(buf,1,len-2,hdr);\r \r In addition to values of `len` greater than 130 triggering a buffer overflow, a value of `len` smaller than 2 will also trigger a buffer overflow due to an integer underflow when computing `len-2` in this code path.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54487", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65463", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6544", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6546", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65452", "published_at": 
"2026-06-05T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65451", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54487" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54487", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54487" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234", "reference_id": "TALOS-2025-2234", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T19:04:54Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-54487" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rjn3-66t6-duga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61061?format=api", "vulnerability_id": "VCID-s8ms-2ajs-9bdw", "summary": "A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). 
A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 8850 of biosig.c on the current master branch (35a819fa), when the Tag is 13:\r \r else if (tag==13) {\r if (len>8) fprintf(stderr,\"Warning MFER tag13 incorrect length %i>8\\n\",len);\r curPos += ifread(&buf,1,len,hdr);", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54488", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65463", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6544", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6546", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65452", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65451", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54488" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54488", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54488" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234", "reference_id": "TALOS-2025-2234", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T19:03:57Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-54488" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s8ms-2ajs-9bdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61034?format=api", "vulnerability_id": "VCID-sewz-kc8g-hfc8", "summary": "An integer overflow vulnerability exists in the GDF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted GDF file can lead to arbitrary code execution. 
An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-52581", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.63021", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62997", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.63015", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.63012", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.6301", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-52581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52581" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2233", "reference_id": "TALOS-2025-2233", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-15T15:58:15Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2233" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-52581" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sewz-kc8g-hfc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61065?format=api", "vulnerability_id": "VCID-sjxx-rpbd-2ud4", "summary": "A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 9141 of biosig.c on the current master branch (35a819fa), when the Tag is 67:\r \r else if (tag==67) //0x43: Sample skew\r {\r int skew=0; // [1]\r curPos += ifread(&skew, 1, len,hdr);\r \r In this case, the address of the newly-defined integer `skew` \\[1\\] is overflowed instead of `buf`. 
This means a stack overflow can occur using much smaller values of `len` in this code path.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54492", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65463", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6544", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6546", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65452", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65451", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54492" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54492", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54492" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234", "reference_id": "TALOS-2025-2234", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T18:22:41Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": 
false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-54492" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sjxx-rpbd-2ud4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61043?format=api", "vulnerability_id": "VCID-spbn-21cs-y3g8", "summary": "A heap-based buffer overflow vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54462", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65463", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6544", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6546", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65452", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65451", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54462" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54462", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54462" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2239", "reference_id": "TALOS-2025-2239", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-26T20:17:06Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2239" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-54462" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-spbn-21cs-y3g8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61051?format=api", "vulnerability_id": "VCID-sw6e-8t33-n7f4", "summary": "A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. 
An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 8751 of biosig.c on the current master branch (35a819fa), when the Tag is 4:\r \r \t\t\t\telse if (tag==4) {\r \t\t\t\t\t// SPR\r \t\t\t\t\tif (len>4) fprintf(stderr,\"Warning MFER tag4 incorrect length %i>4\\n\",len);\r \t\t\t\t\tcurPos += ifread(buf,1,len,hdr);\r \r In this excerpt the length check only prints a warning; the unchecked `len` is still passed to `ifread`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54482", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65463", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6544", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6546", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65452", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65451", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54482" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54482" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234", "reference_id": "TALOS-2025-2234", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T19:09:29Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-54482" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sw6e-8t33-n7f4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61053?format=api", "vulnerability_id": "VCID-uh56-6uz5-jyg1", "summary": "A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. 
An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 8759 of biosig.c on the current master branch (35a819fa), when the Tag is 5:\r \r \t\t\t\telse if (tag==5) //0x05: number of channels\r \t\t\t\t{\r \t\t\t\t\tuint16_t oldNS=hdr->NS;\r \t\t\t\t\tif (len>4) fprintf(stderr,\"Warning MFER tag5 incorrect length %i>4\\n\",len);\r \t\t\t\t\tcurPos += ifread(buf,1,len,hdr);\r \r In this excerpt the length check only prints a warning; the unchecked `len` is still passed to `ifread`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54483", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65463", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6544", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6546", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65452", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65451", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54483" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54483", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54483" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234", "reference_id": "TALOS-2025-2234", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T19:08:56Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-54483" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uh56-6uz5-jyg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61063?format=api", "vulnerability_id": "VCID-ws3r-dtag-2kcb", "summary": "A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 9090 of biosig.c on the current master branch (35a819fa), when the Tag is 64:\r \r else if (tag==64) //0x40\r {\r // preamble\r char tmp[256]; // [1]\r curPos += ifread(tmp,1,len,hdr);\r \r In this case, the overflowed buffer is the newly-declared `tmp` \\[1\\] instead of `buf`. 
While `tmp` is larger than `buf`, having a size of 256 bytes, a stack overflow can still occur in cases where `len` is encoded using multiple octets and is greater than 256.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54490", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65463", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6544", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6546", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65452", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65451", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54490" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54490", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54490" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234", "reference_id": "TALOS-2025-2234", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-25T18:57:19Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-54490" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ws3r-dtag-2kcb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61019?format=api", "vulnerability_id": "VCID-xhxn-uspj-w7ak", "summary": "An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23606", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48707", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48659", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48674", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48698", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48688", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23606" }, { "reference_url": 
"https://talosintelligence.com/vulnerability_reports/TALOS-2024-1925", "reference_id": "TALOS-2024-1925", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-02-20T18:23:56Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1925" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89221?format=api", "purl": "pkg:deb/debian/biosig@2.6.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@2.6.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/89222?format=api", "purl": "pkg:deb/debian/biosig@3.9.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14cy-t8he-rfam" }, { "vulnerability": "VCID-25ka-1vtj-akec" }, { "vulnerability": "VCID-4c21-bu1z-gfa3" }, { "vulnerability": "VCID-5yws-vf2e-g7ea" }, { "vulnerability": "VCID-77yh-sjcr-g7ew" }, { "vulnerability": "VCID-7jgd-du4c-sbd9" }, { "vulnerability": "VCID-9c5h-3zvz-8yaf" }, { "vulnerability": "VCID-avy4-npdf-1fac" }, { "vulnerability": "VCID-bz75-v3p7-zyfx" }, { "vulnerability": "VCID-ccn2-ja4k-93da" }, { "vulnerability": "VCID-ct4f-kxhg-6yaj" }, { "vulnerability": "VCID-erf7-mvc1-3ud5" }, { "vulnerability": "VCID-es1h-jc37-kfaj" }, { "vulnerability": "VCID-f5kw-jf91-pfhv" }, { "vulnerability": "VCID-h3m9-et77-63cr" }, { "vulnerability": "VCID-kjq6-mknn-zkc8" }, { "vulnerability": "VCID-n7qk-y7wk-2qay" }, { "vulnerability": "VCID-n9t6-f7cp-4qea" }, { "vulnerability": "VCID-nays-6gvv-vydf" }, { "vulnerability": "VCID-pjxk-jkhf-3kht" }, { "vulnerability": "VCID-pvjx-yb22-8bdj" }, { "vulnerability": "VCID-q15c-qb7u-8kap" }, { "vulnerability": "VCID-qkga-9ghw-myhb" }, { 
"vulnerability": "VCID-rjn3-66t6-duga" }, { "vulnerability": "VCID-s8ms-2ajs-9bdw" }, { "vulnerability": "VCID-sewz-kc8g-hfc8" }, { "vulnerability": "VCID-sjxx-rpbd-2ud4" }, { "vulnerability": "VCID-spbn-21cs-y3g8" }, { "vulnerability": "VCID-sw6e-8t33-n7f4" }, { "vulnerability": "VCID-uh56-6uz5-jyg1" }, { "vulnerability": "VCID-ws3r-dtag-2kcb" }, { "vulnerability": "VCID-y7b7-5qph-w3hq" }, { "vulnerability": "VCID-ysjd-drmj-2qe4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-23606" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xhxn-uspj-w7ak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61045?format=api", "vulnerability_id": "VCID-y7b7-5qph-w3hq", "summary": "A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. 
An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 8719 of biosig.c on the current master branch (35a819fa), when the Tag is 0:\r \r \t\t\t\tif (tag==0) {\r \t\t\t\t\tif (len!=1) fprintf(stderr,\"Warning MFER tag0 incorrect length %i!=1\\n\",len);\r \t\t\t\t\tcurPos += ifread(buf,1,len,hdr);\r \t\t\t\t}\r \r In this excerpt the length check only prints a warning; the unchecked `len` is still passed to `ifread`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54480", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65463", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6544", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6546", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65452", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65451", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54480" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54480" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234", "reference_id": "TALOS-2025-2234", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-26T20:03:33Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-54480" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y7b7-5qph-w3hq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61008?format=api", "vulnerability_id": "VCID-ysd9-636j-dkay", "summary": "An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vmrk file can lead to arbitrary code execution. 
An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23305", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74684", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74655", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74681", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74679", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74672", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23305" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23305", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23305" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1918", "reference_id": "TALOS-2024-1918", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-07-26T18:28:05Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1918" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89221?format=api", "purl": "pkg:deb/debian/biosig@2.6.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@2.6.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/89222?format=api", "purl": 
"pkg:deb/debian/biosig@3.9.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14cy-t8he-rfam" }, { "vulnerability": "VCID-25ka-1vtj-akec" }, { "vulnerability": "VCID-4c21-bu1z-gfa3" }, { "vulnerability": "VCID-5yws-vf2e-g7ea" }, { "vulnerability": "VCID-77yh-sjcr-g7ew" }, { "vulnerability": "VCID-7jgd-du4c-sbd9" }, { "vulnerability": "VCID-9c5h-3zvz-8yaf" }, { "vulnerability": "VCID-avy4-npdf-1fac" }, { "vulnerability": "VCID-bz75-v3p7-zyfx" }, { "vulnerability": "VCID-ccn2-ja4k-93da" }, { "vulnerability": "VCID-ct4f-kxhg-6yaj" }, { "vulnerability": "VCID-erf7-mvc1-3ud5" }, { "vulnerability": "VCID-es1h-jc37-kfaj" }, { "vulnerability": "VCID-f5kw-jf91-pfhv" }, { "vulnerability": "VCID-h3m9-et77-63cr" }, { "vulnerability": "VCID-kjq6-mknn-zkc8" }, { "vulnerability": "VCID-n7qk-y7wk-2qay" }, { "vulnerability": "VCID-n9t6-f7cp-4qea" }, { "vulnerability": "VCID-nays-6gvv-vydf" }, { "vulnerability": "VCID-pjxk-jkhf-3kht" }, { "vulnerability": "VCID-pvjx-yb22-8bdj" }, { "vulnerability": "VCID-q15c-qb7u-8kap" }, { "vulnerability": "VCID-qkga-9ghw-myhb" }, { "vulnerability": "VCID-rjn3-66t6-duga" }, { "vulnerability": "VCID-s8ms-2ajs-9bdw" }, { "vulnerability": "VCID-sewz-kc8g-hfc8" }, { "vulnerability": "VCID-sjxx-rpbd-2ud4" }, { "vulnerability": "VCID-spbn-21cs-y3g8" }, { "vulnerability": "VCID-sw6e-8t33-n7f4" }, { "vulnerability": "VCID-uh56-6uz5-jyg1" }, { "vulnerability": "VCID-ws3r-dtag-2kcb" }, { "vulnerability": "VCID-y7b7-5qph-w3hq" }, { "vulnerability": "VCID-ysjd-drmj-2qe4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-23305" ], 
"risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ysd9-636j-dkay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61040?format=api", "vulnerability_id": "VCID-ysjd-drmj-2qe4", "summary": "A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53557", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65463", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6544", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.6546", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65452", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00479", "scoring_system": "epss", "scoring_elements": "0.65451", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53557" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53557", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53557" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133", "reference_id": "1112133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112133" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2235", "reference_id": "TALOS-2025-2235", "reference_type": "", "scores": [ { 
"value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-25T18:39:54Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2235" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/89220?format=api", "purl": "pkg:deb/debian/biosig@3.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@3.9.5-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-53557" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ysjd-drmj-2qe4" } ], "fixing_vulnerabilities": [], "risk_score": "3.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/biosig@2.5.0-1%3Fdistro=trixie" }