CVE-2026-41445

Source
https://cve.org/CVERecord?id=CVE-2026-41445
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-41445.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-41445
Downstream
Related
Published
2026-04-20T16:18:50.371Z
Modified
2026-07-08T08:13:13.968172391Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc()
Details

KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kissfftndralloc() function in kissfftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kissfftscalar) overflows signed 32-bit integer arithmetic before being widened to sizet, causing malloc() to allocate an undersized buffer. Attackers can trigger heap buffer overflow by providing crafted dimensions that cause the multiplication to exceed INTMAX, allowing writes beyond the allocated buffer region when kissfftndr() processes the data.

Database specific
{
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-122",
        "CWE-190"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "fixed": "8a8e66e33d692bad1376fe7904d87d767730537f"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41445.json"
}
References

Affected packages

Git / github.com/mborgerding/kissfft

Affected ranges

Type
GIT
Repo
https://github.com/mborgerding/kissfft
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Affected versions

131.*
131.1.0
131.2.0
Other
v130
v131

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-41445.json"