Skip to main content

Kissfft CVE-2026-41445

| EUVDEUVD-2026-23905 HIGH
Integer Overflow or Wraparound (CWE-190)
2026-04-20 VulnCheck GHSA-xpr7-5899-f5vj
8.7
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

7
Re-analysis Queued
Apr 20, 2026 - 19:07 vuln.today
cvss_changed
Analysis Generated
Apr 20, 2026 - 17:52 vuln.today
CVSS changed
Apr 20, 2026 - 17:52 NVD
8.8 (HIGH) 8.7 (HIGH)
EUVD ID Assigned
Apr 20, 2026 - 17:15 euvd
EUVD-2026-23905
Analysis Generated
Apr 20, 2026 - 17:15 vuln.today
Patch released
Apr 20, 2026 - 17:15 nvd
Patch available
CVE Published
Apr 20, 2026 - 16:18 nvd
HIGH 8.7

DescriptionCVE.org

KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integer arithmetic before being widened to size_t, causing malloc() to allocate an undersized buffer. Attackers can trigger heap buffer overflow by providing crafted dimensions that cause the multiplication to exceed INT_MAX, allowing writes beyond the allocated buffer region when kiss_fftndr() processes the data.

AnalysisAI

Heap buffer overflow in KissFFT library (all versions before commit 8a8e66e) enables remote code execution when applications process attacker-controlled FFT dimensions. Integer overflow in kiss_fftndr_alloc() causes malloc() to allocate undersized buffers, allowing heap memory corruption during multidimensional FFT operations. CVSS 8.8 (network vector, no authentication, user interaction required). EPSS and KEV data not provided; no public exploit confirmed at time of analysis. Upstream fix available via GitHub commit, but released patched version number not independently confirmed.

Technical ContextAI

KissFFT is a widely-used Fast Fourier Transform library (cpe:2.3:a:mborgerding:kissfft) designed for embedded systems and signal processing applications. The vulnerability resides in kiss_fftndr.c's allocation function for N-dimensional real FFTs. The function calculates buffer size as dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) using signed 32-bit arithmetic. When dimOther and dimReal are sufficiently large, their multiplication exceeds INT_MAX (2,147,483,647), causing integer wraparound before the result is widened to size_t for malloc(). This CWE-190 (Integer Overflow to Buffer Overflow) root cause results in a heap buffer that is orders of magnitude smaller than required. Subsequent kiss_fftndr() processing writes FFT coefficient data based on the original (large) dimensions into the undersized buffer, corrupting adjacent heap metadata and objects.

RemediationAI

Upstream fix available via GitHub commit 8a8e66e33d692bad1376fe7904d87d767730537f (https://github.com/mborgerding/kissfft/commit/8a8e66e33d692bad1376fe7904d87d767730537f), which adds overflow checks before size_t conversion. Applications statically linking KissFFT must rebuild against the patched source. Since KissFFT does not publish versioned releases (development occurs via Git commits), integrators should verify their embedded copy is at or beyond commit 8a8e66e by checking git log or source file checksums. For systems unable to update immediately, implement input validation on FFT dimension parameters: reject dimOther and dimReal values where dimOther * (dimReal + 2) * sizeof(kiss_fft_scalar) would exceed INT_MAX on the target platform (typically dimOther * dimReal > 500 million on 32-bit systems with 4-byte scalars). This workaround reduces functionality for legitimate large-scale FFT operations. Additionally, deploy heap corruption mitigations (ASLR, heap allocator hardening) to raise exploitation cost, though these do not prevent the vulnerability. Applications using only 1D FFTs (kiss_fft_alloc) or complex FFTs (kiss_fftnd_alloc) are not affected by this specific issue in kiss_fftndr.c.

Vendor StatusVendor

SUSE

Severity: High
Product Status
openSUSE Tumbleweed Fixed

Share

CVE-2026-41445 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy