Description
A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Published: 2026-03-03
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution due to a heap buffer overflow
Action: Immediate Patch
AI Analysis

Impact

A heap-based buffer overflow exists in the Intan CLP parsing routine of libbiosig 3.9.2. The flaw, classified as CWE-122, allows an attacker to supply a specially crafted CLP file that overwrites memory and can lead to arbitrary code execution. This compromise threatens confidentiality, integrity, and availability of the affected system.

Affected Systems

The Biosig Project libbiosig version 3.9.2 and the master branch (commit db9a9a63) are affected. Any system that loads Intan CLP files through libbiosig is at risk. No other vendors or product versions are listed as impacted.

Risk and Exploitability

The vulnerability scores a CVSS base score of 9.8, indicating critical severity, yet its EPSS score is below 1%, suggesting low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog. An attacker must provide a malicious CLP file to the parsing routine; therefore the likely attack vector is local or remote file upload/processing within an application that uses libbiosig.

Generated by OpenCVE AI on April 16, 2026 at 14:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade libbiosig to the latest release that contains the fix for the buffer overflow.
  • If an update cannot be applied immediately, disable or restrict Intan CLP file parsing for untrusted users or require administrative approval for all CLP files.
  • Implement runtime monitoring to detect abnormal memory corruption, unexpected process creation, or privilege escalation indicative of exploitation.

Generated by OpenCVE AI on April 16, 2026 at 14:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Heap Overflow in libbiosig Intan CLP Parsing Leading to Arbitrary Code Execution

Thu, 05 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Libbiosig Project
Libbiosig Project libbiosig
CPEs cpe:2.3:a:libbiosig_project:libbiosig:3.9.2:*:*:*:*:*:*:*
Vendors & Products Libbiosig Project
Libbiosig Project libbiosig

Wed, 04 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared The Biosig Project
The Biosig Project libbiosig
Vendors & Products The Biosig Project
The Biosig Project libbiosig

Tue, 03 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
References

Tue, 03 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 03 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
Description A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Weaknesses CWE-122
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Libbiosig Project Libbiosig
The Biosig Project Libbiosig
cve-icon MITRE

Status: PUBLISHED

Assigner: talos

Published:

Updated: 2026-03-03T15:17:25.340Z

Reserved: 2026-01-28T12:55:08.823Z

Link: CVE-2026-22891

cve-icon Vulnrichment

Updated: 2026-03-03T15:17:04.426Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-03T15:16:18.620

Modified: 2026-03-05T18:15:20.593

Link: CVE-2026-22891

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T14:15:28Z

Weaknesses