CVE-2024-23809

Published: Feb 20, 2024Modified: Nov 4, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: CNA (Secondary)

Description

A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Affected (2)

Products: Libbiosig Project: Libbiosig · Fedoraproject: Fedora

Libbiosig Project

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libbiosig Project Libbiosig	Version 2.5.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 40

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (4)

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1919

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.