{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20777", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2026-01-28T12:55:18.367Z", "datePublished": "2026-03-03T14:32:14.987Z", "dateUpdated": "2026-03-03T15:17:02.898Z"}, "containers": {"cna": {"affected": [{"vendor": "The Biosig Project", "product": "libbiosig", "versions": [{"version": "3.9.2", "status": "affected"}, {"version": "Master Branch (db9a9a63)", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE", "cweId": "CWE-122"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-03-03T14:32:14.987Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2362", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2362"}], "credits": [{"lang": "en", "value": "Discovered by Mark Bereza and Lilith >_> of Cisco Talos."}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-03T15:13:53.561647Z", "id": "CVE-2026-20777", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T15:14:07.474Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2362"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-03T15:17:02.898Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2362"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-03T15:17:02.898Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20777", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-03T15:13:53.561647Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T15:13:59.995Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Mark Bereza and Lilith >_> of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "The Biosig Project", "product": "libbiosig", "versions": [{"status": "affected", "version": "3.9.2"}, {"status": "affected", "version": "Master Branch (db9a9a63)"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2362", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2362"}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-03-03T14:32:14.987Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20777", "state": "PUBLISHED", "dateUpdated": "2026-03-03T15:17:02.898Z", "dateReserved": "2026-01-28T12:55:18.367Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2026-03-03T14:32:14.987Z", "assignerShortName": "talos"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libbiosig_project:libbiosig:3.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "163D4E31-DDCD-4F25-BFBE-C990D7D3B574", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."}], "id": "CVE-2026-20777", "lastModified": "2026-03-05T18:16:07.880", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2026-03-03T15:16:18.187", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2362"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2362"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "3.9.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Master Branch (db9a9a63)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "libbiosig", "source": "cna", "vendor": "The Biosig Project"}, "product": "libbiosig", "vendor": "the_biosig_project"}], "analysis": {"en": {"generated_at": "2026-04-18T10:04:34.505677+00:00", "value": {"mitigation_remediation": ["Update libbiosig to the latest patch or a version that fixes the heap overflow flaw", "Recompile any dependent applications against the updated library so the fix is applied", "If possible, disable or remove the Nicolet WFT parsing capability for data from untrusted sources as a temporary measure"], "summary": {"action": "Patch Now", "impact": "Arbitrary code execution via heap-based buffer overflow"}, "threat_synthesis": {"affected_systems": "The vulnerability is present in libbiosig version 3.9.2 and the Master branch as identified by the library name, The Biosig Project libbiosig. Any system or application that incorporates this version and processes .wft files\u2014commonly used in medical and scientific data acquisition contexts\u2014is at risk. The maintainers of The Biosig Project are the vendor responsible for addressing the flaw.", "description_and_impact": "A heap\u2011based buffer overflow exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and the corresponding Master branch. A specially crafted .wft file can overwrite heap memory and lead to arbitrary code execution. The code processes untrusted input without proper bounds checking, which is reflected by the CWE\u2011122 designation. If exploited, an attacker could execute code with the privileges of the running process and compromise the integrity of the host system.", "risk_and_exploitability": "The CVSS base score of 8.1 places this flaw in the high severity range. The EPSS score of less than 1\u202f% indicates that exploitation is currently unlikely, but the potential impact warrants immediate attention. The vulnerability is not listed in the CISA KEV catalog. Likely exploitation requires an attacker to supply a malicious .wft file to the affected process, either locally or through a compromised component that parses user\u2011supplied data. The flaw does not require privilege escalation to be triggered, allowing both local and remote attackers who can influence file input to the application to exploit it."}}}}, "created": "2026-03-04T14:54:17.559703+00:00", "title": "Heap Overflow in Biosig libbiosig 3.9.2 Enables Code Execution", "updated": "2026-04-18T10:15:25.868285+00:00", "vendors": ["the_biosig_project", "the_biosig_project$PRODUCT$libbiosig"]}