Kissfft
Monthly
Heap buffer overflow in KissFFT library (all versions before commit 8a8e66e) enables remote code execution when applications process attacker-controlled FFT dimensions. Integer overflow in kiss_fftndr_alloc() causes malloc() to allocate undersized buffers, allowing heap memory corruption during multidimensional FFT operations. CVSS 8.8 (network vector, no authentication, user interaction required). EPSS and KEV data not provided; no public exploit confirmed at time of analysis. Upstream fix available via GitHub commit, but released patched version number not independently confirmed.
Heap buffer overflow in KissFFT library (all versions before commit 8a8e66e) enables remote code execution when applications process attacker-controlled FFT dimensions. Integer overflow in kiss_fftndr_alloc() causes malloc() to allocate undersized buffers, allowing heap memory corruption during multidimensional FFT operations. CVSS 8.8 (network vector, no authentication, user interaction required). EPSS and KEV data not provided; no public exploit confirmed at time of analysis. Upstream fix available via GitHub commit, but released patched version number not independently confirmed.