{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41445", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-04-20T16:07:47.308Z", "datePublished": "2026-04-20T16:18:50.371Z", "dateUpdated": "2026-04-20T17:57:10.156Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-20T16:18:50.371Z"}, "title": "KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc()", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "type": "CWE"}]}, {"descriptions": [{"lang": "en", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "type": "CWE"}]}], "affected": [{"vendor": "mborgerding", "product": "kissfft", "platforms": ["32 bit", "64 bit"], "repo": "https://github.com/mborgerding/kissfft", "versions": [{"status": "affected", "version": "0", "lessThan": "8a8e66e33d692bad1376fe7904d87d767730537f", "versionType": "git"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "KissFFT before commit\u00a08a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integer arithmetic before being widened to size_t, causing malloc() to allocate an undersized buffer. Attackers can trigger heap buffer overflow by providing crafted dimensions that cause the multiplication to exceed INT_MAX, allowing writes beyond the allocated buffer region when kiss_fftndr() processes the data.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "KissFFT before commit&nbsp;8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integer arithmetic before being widened to size_t, causing malloc() to allocate an undersized buffer. Attackers can trigger heap buffer overflow by providing crafted dimensions that cause the multiplication to exceed INT_MAX, allowing writes beyond the allocated buffer region when kiss_fftndr() processes the data.<br>"}]}], "references": [{"url": "https://github.com/mborgerding/kissfft/commit/8a8e66e33d692bad1376fe7904d87d767730537f", "tags": ["patch"]}, {"url": "https://www.vulncheck.com/advisories/kissfft-integer-overflow-heap-buffer-overflow-via-kiss-fftndr-alloc", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "Sajeeb Lohani", "type": "finder"}, {"lang": "en", "value": "VulnCheck", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-20T17:54:55.358715Z", "id": "CVE-2026-41445", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T17:57:10.156Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41445", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-20T17:54:55.358715Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T17:55:37.590Z"}}], "cna": {"title": "KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc()", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Sajeeb Lohani"}, {"lang": "en", "type": "coordinator", "value": "VulnCheck"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/mborgerding/kissfft", "vendor": "mborgerding", "product": "kissfft", "versions": [{"status": "affected", "version": "0", "lessThan": "8a8e66e33d692bad1376fe7904d87d767730537f", "versionType": "git"}], "platforms": ["32 bit", "64 bit"], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/mborgerding/kissfft/commit/8a8e66e33d692bad1376fe7904d87d767730537f", "tags": ["patch"]}, {"url": "https://www.vulncheck.com/advisories/kissfft-integer-overflow-heap-buffer-overflow-via-kiss-fftndr-alloc", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "KissFFT before commit\u00a08a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integer arithmetic before being widened to size_t, causing malloc() to allocate an undersized buffer. Attackers can trigger heap buffer overflow by providing crafted dimensions that cause the multiplication to exceed INT_MAX, allowing writes beyond the allocated buffer region when kiss_fftndr() processes the data.", "supportingMedia": [{"type": "text/html", "value": "KissFFT before commit&nbsp;8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integer arithmetic before being widened to size_t, causing malloc() to allocate an undersized buffer. Attackers can trigger heap buffer overflow by providing crafted dimensions that cause the multiplication to exceed INT_MAX, allowing writes beyond the allocated buffer region when kiss_fftndr() processes the data.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-20T16:18:50.371Z"}}}, "cveMetadata": {"cveId": "CVE-2026-41445", "state": "PUBLISHED", "dateUpdated": "2026-04-20T17:57:10.156Z", "dateReserved": "2026-04-20T16:07:47.308Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-04-20T16:18:50.371Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "KissFFT before commit\u00a08a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integer arithmetic before being widened to size_t, causing malloc() to allocate an undersized buffer. Attackers can trigger heap buffer overflow by providing crafted dimensions that cause the multiplication to exceed INT_MAX, allowing writes beyond the allocated buffer region when kiss_fftndr() processes the data."}], "id": "CVE-2026-41445", "lastModified": "2026-04-20T19:05:30.750", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-20T17:16:37.160", "references": [{"source": "disclosure@vulncheck.com", "url": "https://github.com/mborgerding/kissfft/commit/8a8e66e33d692bad1376fe7904d87d767730537f"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/kissfft-integer-overflow-heap-buffer-overflow-via-kiss-fftndr-alloc"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}, {"lang": "en", "value": "CWE-190"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["32_bit", "64_bit"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,8a8e66e33d692bad1376fe7904d87d767730537f)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "kissfft", "source": "cna", "vendor": "mborgerding"}, "product": "kissfft", "vendor": "mborgerding"}], "analysis": {"en": {"generated_at": "2026-04-20T18:37:53.214894+00:00", "value": {"mitigation_remediation": ["Update the KissFFT library to a version that includes commit 8a8e66e33d692bad1376fe7904d87d767730537f or later, which corrects the integer and buffer overflow.", "In the interim, add bounds checking on the dimensions passed to kiss_fftndr_alloc(), ensuring that dimOther*(dimReal+2) does not exceed INT_MAX and rejecting or sanitizing inputs that would trigger an overflow.", "Compile the library and any dependent applications with run\u2011time bounds\u2011checking options such as \u2011fstack\u2011protector and \u2011D_FORTIFY_SOURCE to provide additional heap overflow protection while a proper library update is rolled out."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Any installation of the KissFFT library that predates commit 8a8e66e33d692bad1376fe7904d87d767730537f is affected. The vulnerability exists in the core library regardless of distribution channel, so all users and applications that link against an unpatched version of KissFFT, including those embedded in larger multimedia or signal\u2011processing software, must be evaluated for exposure.", "description_and_impact": "The vulnerability is an integer overflow in the calculation of the allocation size for the FFT buffer in the kiss_fftndr_alloc() function. By providing crafted dimension values, the multiplication dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) exceeds the maximum value for a signed 32\u2011bit integer, causing malloc() to allocate a buffer that is too small. During subsequent processing of the FFT data, writes beyond the end of this underestimated buffer can corrupt memory and lead to arbitrary code execution. This flaw is a classic instance of a heap\u2011based buffer overflow (CWE\u2011122) triggered by an unchecked integer overflow (CWE\u2011190).", "risk_and_exploitability": "The CVSS base score of 8.7 indicates a high severity risk. Although the EPSS score is not available, the lack of a KEV listing does not diminish the potential for exploitation. Attackers who can influence the input dimensions to kiss_fftndr_alloc()\u2014for example, via a network\u2011exposed API or malformed file\u2014can trigger the overflow. The exploitation path requires that the application uses the unpatched library during runtime, making local or remote attacks possible depending on the deployment context. Consequently, the vulnerability poses a significant threat that warrants immediate remediation."}}}}, "created": "2026-04-20T18:45:14.225799+00:00", "updated": "2026-04-22T11:47:36.854366+00:00", "vendors": ["mborgerding", "mborgerding$PRODUCT$kissfft"]}