The vulnerability relates to the functionality of parsing ASCII headers of BrainVision format files. This functionality is provided by the libbiosig library for processing medical signals. It allows an attacker to execute arbitrary code using a specially created file.

🗓️ 18 Mar 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru

The Libbiosig BrainVision ASCII header parsing error enables code execution with crafted vdhr file.

Reporter	Title	Published	Views	Family All 20
Circl	CVE-2024-23809	20 Feb 202417:25	–	circl
CNNVD	Biosig Project libbiosig Resource Management Error Vulnerability	20 Feb 202400:00	–	cnnvd
CVE	CVE-2024-23809	20 Feb 202415:29	–	cve
Cvelist	CVE-2024-23809	20 Feb 202415:29	–	cvelist
Debian CVE	CVE-2024-23809	20 Feb 202415:29	–	debiancve
EUVD	EUVD-2024-21262	3 Oct 202520:07	–	euvd
Fedora	[SECURITY] Fedora 40 Update: biosig4c++-2.6.0-3.fc40	2 Apr 202414:19	–	fedora
Tenable Nessus	Fedora 40 : biosig4c++ (2024-ff6a72d8e9)	29 Apr 202400:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2024-23809	5 Mar 202500:00	–	nessus
NVD	CVE-2024-23809	20 Feb 202416:15	–	nvd

Vulners

Node

biosig libbiosigMatch2.5.0

Source	Link
vuldb	www.vuldb.com/ru/
security-tracker	www.security-tracker.debian.org/tracker/CVE-2024-23809
talosintelligence	www.talosintelligence.com/vulnerability_reports/TALOS-2024-1919
web	www.web.nvd.nist.gov/view/vuln/detail
talosintelligence	www.talosintelligence.com/reports/TALOS-2024-1919

06 Feb 2025 00:00Current

CVSS 39.8

CVSS 210

EPSS0.00325

brainvision libbiosig memory reclamation error arbitrary code execution vdhr file