CVE-2024-22097

Published: Feb 20, 2024Modified: Nov 4, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: CNA (Secondary)

Description

A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Affected (2)

Products: Libbiosig Project: Libbiosig · Fedoraproject: Fedora

Libbiosig Project

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libbiosig Project Libbiosig	Version 2.5.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 40

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (4)

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1917

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1917

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1917

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.