Integer Overflow Vulnerability in KissFFT by Mborgerding
CVE-2026-41445

8.7HIGH

Key Information:

Vendor: Mborgerding
Status: Kissfft
Vendor: CVE Published:; 20 April 2026

🔔 Create Mborgerding Vulnerability Alert

What is CVE-2026-41445?

The vulnerability within KissFFT prior to commit 8a8e66e enables an integer overflow in the kiss_fftndr_alloc() function. The flawed calculation for memory allocation can result in a buffer that is too small for the incoming data. When an attacker supplies dimensions that exploit this flaw, the multiplication of parameters may exceed the maximum value of a signed 32-bit integer, leading to a heap buffer overflow. This situation allows for potential data corruption and unauthorized access, highlighting serious risks in handling crafted input scenarios.

Affected Version(s)

kissfft 32 bit 0 < 8a8e66e33d692bad1376fe7904d87d767730537f

References

https://github.com/mborgerding/kissfft/commit/8a8e66e33d6...

patch

https://www.vulncheck.com/advisories/kissfft-integer-over...

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 20, 2026
Vulnerability Reserved
Apr 20, 2026

Credit

Sajeeb Lohani

VulnCheck

CVE-2026-41445 Data

JSON