🔐 CVE Alert

CVE-2026-41445

HIGH 8.8

KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc()

CVSS Score: 8.8
EPSS Score: 0.0%
EPSS Percentile: 0th

KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c. The allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) is evaluated in signed 32-bit integer arithmetic and overflows before the result is widened to size_t, so malloc() receives an undersized request and allocates a buffer that is too small. Attackers can trigger a heap buffer overflow by providing crafted dimensions whose product exceeds INT_MAX, which allows writes beyond the allocated buffer region when kiss_fftndr() processes the data.
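As an added illustration (not the project's code and not the fix in commit 8a8e66e), the C below contrasts the int-typed size product the advisory describes with a size_t computation that checks every multiplication; the kiss_fft_scalar typedef as float, the function names and the sample dimensions are assumptions.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

typedef float kiss_fft_scalar;   /* assumption: kissfft's default scalar type */

/* The advisory's int-typed product, evaluated in unsigned arithmetic so the
 * wrap-around is well defined instead of undefined behaviour. A result far
 * smaller than the true product means malloc() gets an undersized request. */
static int64_t wrapped_int_product(int dimReal, int dimOther)
{
    uint32_t p = (uint32_t)dimOther * ((uint32_t)dimReal + 2u);
    return p > (uint32_t)INT_MAX ? (int64_t)p - ((int64_t)1 << 32) : (int64_t)p;
}

/* True when dimOther*(dimReal+2) exceeds INT_MAX, i.e. the int expression
 * would wrap before being widened to size_t. Checked in 64-bit arithmetic. */
static int int_product_overflows(int dimReal, int dimOther)
{
    return (int64_t)dimOther * ((int64_t)dimReal + 2) > INT_MAX;
}

/* Hardened size computation: reject non-positive dimensions and perform every
 * multiplication in size_t with an explicit overflow test. Returns the byte
 * count, or 0 when no safe size exists (0 is never valid for positive dims). */
static size_t checked_bufsize(int dimReal, int dimOther)
{
    if (dimReal <= 0 || dimOther <= 0 || dimReal > INT_MAX - 2)
        return 0;
    size_t rows = (size_t)dimOther, cols = (size_t)dimReal + 2;
    if (rows > SIZE_MAX / cols)
        return 0;
    size_t scalars = rows * cols;
    if (scalars > SIZE_MAX / sizeof(kiss_fft_scalar))
        return 0;
    return scalars * sizeof(kiss_fft_scalar);
}

int main(void)
{
    int dims[][2] = { {1024, 4}, {65536, 65536} };   /* constructed sample inputs */
    for (size_t i = 0; i < 2; i++) {
        int dimReal = dims[i][0], dimOther = dims[i][1];
        size_t n = checked_bufsize(dimReal, dimOther);
        printf("dimReal=%d dimOther=%d: int overflow=%d wrapped=%lld checked=%zu\n",
               dimReal, dimOther, int_product_overflows(dimReal, dimOther),
               (long long)wrapped_int_product(dimReal, dimOther), n);
    }
    return 0;
}
```

For the second sample the wrapped int product is 131072 scalars although the true product is over four billion, which is the undersized allocation the advisory describes; the checked version either returns the full size or 0, never a wrapped value.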

CWE CWE-190 CWE-122
Vendor mborgerding
Product kissfft
Published Apr 20, 2026
Last Updated Apr 20, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Affected Versions

mborgerding / kissfft
All versions before the fixing commit 8a8e66e33d692bad1376fe7904d87d767730537f

References

NVD, CVE.org, EPSS Data
github.com: https://github.com/mborgerding/kissfft/commit/8a8e66e33d692bad1376fe7904d87d767730537f
vulncheck.com: https://www.vulncheck.com/advisories/kissfft-integer-overflow-heap-buffer-overflow-via-kiss-fftndr-alloc

Credits

Sajeeb Lohani (VulnCheck)