CVE-2025-34297

Vulnerability Description

KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kiss_fft_alloc() in kiss_fft.c on platforms where size_t is 32-bit. The nfft parameter is not validated before being used in a size calculation (sizeof(kiss_fft_cpx) * (nfft - 1)), which can wrap to a small value when nfft is large. As a result, malloc() allocates an undersized buffer and the subsequent twiddle-factor initialization loop writes nfft elements, causing a heap buffer overflow. This vulnerability only affects 32-bit architectures.

Related Weaknesses (CWE)

References

• https://github.com/mborgerding/kissfft/commit/1b08316582049c3716154caefc0deab875
• https://github.com/mborgerding/kissfft/issues/120
• https://www.vulncheck.com/advisories/kissfft-integer-overflow-heap-buffer-overfl

FAQ

What is CVE-2025-34297?

CVE-2025-34297 is a documented vulnerability. KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kiss_fft_alloc() in kiss_fft.c on platforms where size_t is 32-bit. The nfft parameter is not validated before being us...

How severe is CVE-2025-34297?

CVSS scoring is not yet available for CVE-2025-34297. Check NVD for updates.

Is there a patch for CVE-2025-34297?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.