CVE-2024-21795

9.8 CRITICAL

📋 TL;DR

A heap-based buffer overflow vulnerability in libbiosig's .egi file parser allows arbitrary code execution when processing malicious files. This affects systems using libbiosig 2.5.0 or the master branch commit ab0ee111 for biomedical signal processing. Attackers can achieve remote code execution by tricking users or automated systems into opening specially crafted .egi files.

💻 Affected Systems

Products:
  • The Biosig Project libbiosig
Versions: 2.5.0 and master branch commit ab0ee111
Operating Systems: Linux, Windows, macOS, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using libbiosig to parse .egi files is vulnerable. This includes biomedical research software, healthcare systems, and data analysis tools.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining the same privileges as the application processing the .egi file, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠

Likely Case

Remote code execution on systems that automatically process .egi files or where users open untrusted .egi files, leading to malware installation or data exfiltration.

🟢

If Mitigated

Denial of service or application crash if exploit fails, with limited impact if proper sandboxing and privilege separation are implemented.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires delivering a malicious .egi file to the target system, which could be achieved through phishing, compromised websites, or automated processing pipelines.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check upstream repository for fixes after commit ab0ee111

Vendor Advisory: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRLGNQM33KAWVWP5RPMAPHWNP3IY5YW/

Restart Required: Yes

Instructions:

1. Check current libbiosig version
2. Update to patched version from official repository
3. Rebuild applications using libbiosig
4. Restart affected services

🔧 Temporary Workarounds

Disable .egi file processing

Platform: all

Temporarily disable or block .egi file parsing in applications using libbiosig

# Configure applications to reject .egi files or use alternative formats

File type restrictions

Platform: linux

Implement file type filtering to block .egi files at network boundaries

# Example using iptables: iptables -A INPUT -m string --string ".egi" --algo bm -j DROP
# Caveat: payload string matching only sees cleartext traffic (not TLS) and drops any packet that happens to contain ".egi", so treat it as a stopgap rather than a control.

🧯 If You Can't Patch

  • Implement strict file upload controls and validation for .egi files
  • Run libbiosig applications with minimal privileges and in isolated containers

🔍 How to Verify

Check if Vulnerable:

Check libbiosig version: biosig-tools --version or examine library files

Check Version:

biosig-tools --version 2>&1 | grep -i version || strings /usr/lib*/libbiosig* | grep -i version

Verify Fix Applied:

Verify updated version is installed and test with known safe .egi files

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing .egi files
  • Unusual process spawning from libbiosig applications
  • Failed file parsing attempts

Network Indicators:

  • Inbound .egi file transfers to vulnerable systems
  • Outbound connections from libbiosig processes to suspicious IPs

SIEM Query:

source="application_logs" AND ("libbiosig" OR ".egi") AND ("crash" OR "buffer overflow" OR "segmentation fault")
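As an added example (not part of this advisory), the following Python applies the SIEM query above to constructed log lines and correlates, per PID, the indicators listed under Log Indicators: an .egi file open together with a crash or a spawned child process. The log format, process names, PIDs and paths are assumptions; it also shows that the literal query misses the kernel's "segfault" spelling.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from a real system); host names, PIDs,
# process names and file paths are placeholders.
SAMPLE_LOGS = [
    "2024-03-01T10:02:11Z host1 eegviewer[4412]: libbiosig: opening /uploads/session01.egi",
    "2024-03-01T10:02:12Z host1 kernel: eegviewer[4412]: segfault at 7f3a1c00 ip 7f3a1b2c error 4 in libbiosig.so.2.5.0",
    "2024-03-01T10:02:13Z host1 eegviewer[4412]: parse failed for /uploads/session01.egi",
    "2024-03-01T10:03:40Z host1 eegviewer[4418]: libbiosig: opening /uploads/session02.egi",
    "2024-03-01T10:03:41Z host1 audit: pid 4418 (eegviewer) execve /bin/sh",
    "2024-03-01T10:05:00Z host1 eegviewer[4420]: libbiosig: opening /data/clean.gdf",
    "2024-03-01T10:05:01Z host1 eegviewer[4420]: loaded 64 channels",
]

# Terms from the advisory's SIEM query, plus "segfault", the spelling the
# Linux kernel actually logs, which the literal query would miss.
SUBJECT_TERMS = ("libbiosig", ".egi")
CRASH_TERMS = ("crash", "buffer overflow", "segmentation fault", "segfault")
PID_RE = re.compile(r"\[(\d+)\]|pid (\d+)")  # "proc[1234]:" or "pid 1234"

def matches_siem_query(line: str, crash_terms=CRASH_TERMS) -> bool:
    """Single-line, case-insensitive form of the advisory's SIEM query."""
    low = line.lower()
    return any(t in low for t in SUBJECT_TERMS) and any(t in low for t in crash_terms)

def pid_of(line: str):
    """Extract the PID from either log layout, or None if absent."""
    m = PID_RE.search(line)
    return (m.group(1) or m.group(2)) if m else None

def correlate(lines):
    """Group indicators by PID and return only PIDs that opened an .egi file
    and also crashed or spawned a child process: {pid: sorted indicators}."""
    events = defaultdict(set)
    for line in lines:
        pid = pid_of(line)
        if pid is None:
            continue
        low = line.lower()
        if ".egi" in low and "opening" in low:
            events[pid].add("egi_open")
        if any(t in low for t in CRASH_TERMS):
            events[pid].add("crash")
        if "execve" in low:
            events[pid].add("child_process")
    return {pid: sorted(ev) for pid, ev in events.items()
            if "egi_open" in ev and len(ev) > 1}
```

Running `correlate(SAMPLE_LOGS)` flags PIDs 4412 (open then crash) and 4418 (open then child process) while the clean .gdf session is ignored.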
