{"id":"UBUNTU-CVE-2024-23809","details":"A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.","modified":"2026-04-22T14:40:38.075070Z","published":"2024-02-20T16:15:00Z","upstream":["CVE-2024-23809"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-23809"},{"type":"REPORT","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919"},{"type":"REPORT","url":"https://sourceforge.net/p/biosig/code/ci/3848d1ca0e1b2a60df395ddc76a191e835a1e4de/"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2024-23809"}],"affected":[{"package":{"name":"biosig","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/biosig@2.3.3-1build2?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.1.2-4","2.1.2-4build1","2.1.2-4build2","2.3.3-1","2.3.3-1build1","2.3.3-1build2"],"ecosystem_specific":{"binaries":[{"binary_name":"biosig-tools","binary_version":"2.3.3-1build2"},{"binary_name":"libbiosig3","binary_version":"2.3.3-1build2"},{"binary_name":"octave-biosig","binary_version":"2.3.3-1build2"},{"binary_name":"python3-biosig","binary_version":"2.3.3-1build2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-23809.json"}},{"package":{"name":"biosig","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/biosig@2.6.0-1ubuntu1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.5.0-1build2","2.5.2-1","2.5.2-1build1","2.5.2-2","2.6.0-1","2.6.0-1build1","2.6.0-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"biosig-tools","binary_version":"2.6.0-1ubuntu1"},{"binary_name":"libbiosig3","binary_version":"2.6.0-1ubuntu1"},{"binary_name":"octave-biosig","binary_version":"2.6.0-1ubuntu1"},{"binary_name":"python3-biosig","binary_version":"2.6.0-1ubuntu1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-23809.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}