CVE-2025-34297

UNKNOWN 0.0

KissFFT Integer Overflow Heap Buffer Overflow via kiss_fft_alloc

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kiss_fft_alloc() in kiss_fft.c on platforms where size_t is 32-bit. The nfft parameter is not validated before being used in a size calculation (sizeof(kiss_fft_cpx) * (nfft - 1)), which can wrap to a small value when nfft is large. As a result, malloc() allocates an undersized buffer and the subsequent twiddle-factor initialization loop writes nfft elements, causing a heap buffer overflow. This vulnerability only affects 32-bit architectures.

CWE	CWE-190
Vendor	mborgerding/kissfft
Product	mborgerding/kissfft
Published	Dec 1, 2025
Last Updated	Mar 23, 2026

Stay Ahead of the Next One

Get instant alerts for mborgerding/kissfft mborgerding/kissfft

Be the first to know when new unknown vulnerabilities affecting mborgerding/kissfft mborgerding/kissfft are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

mborgerding/kissfft / mborgerding/kissfft

0 < 1b08316582049c3716154caefc0deab8758506e3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/mborgerding/kissfft/commit/1b08316582049c3716154caefc0deab8758506e3 github.com: https://github.com/mborgerding/kissfft/issues/120 vulncheck.com: https://www.vulncheck.com/advisories/kissfft-integer-overflow-heap-buffer-overflow

Credits

Sajeeb Lohani of Bugcrowd Security Innovation Lab