{"id":"CVE-2026-41445","summary":"KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc()","details":"KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integer arithmetic before being widened to size_t, causing malloc() to allocate an undersized buffer. Attackers can trigger heap buffer overflow by providing crafted dimensions that cause the multiplication to exceed INT_MAX, allowing writes beyond the allocated buffer region when kiss_fftndr() processes the data.","modified":"2026-07-16T03:31:09.317544138Z","published":"2026-04-20T16:18:50.371Z","related":["openSUSE-SU-2026:10591-1"],"database_specific":{"unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"fixed":"8a8e66e33d692bad1376fe7904d87d767730537f"}]}],"cna_assigner":"VulnCheck","cwe_ids":["CWE-122","CWE-190"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41445.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41445.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41445"},{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/kissfft-integer-overflow-heap-buffer-overflow-via-kiss-fftndr-alloc"},{"type":"FIX","url":"https://github.com/mborgerding/kissfft/commit/8a8e66e33d692bad1376fe7904d87d767730537f"},{"type":"PACKAGE","url":"https://github.com/mborgerding/kissfft"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mborgerding/kissfft","events":[{"introduced":"0"},{"fixed":"8a8e66e33d692bad1376fe7904d87d767730537f"}],"database_specific":{"source":"REFERENCES"}}],"versions":["131.2.0","131.1.0","v131","v130"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-41445.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}]}