CVE-2026-41445

KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss fftndr alloc() function in kiss fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss fft scalar) overflows signed 32-bit integer arithmetic before being widened to size t, causing malloc() to allocate an undersized buffer. Attackers can trigger heap buffer overflow by providing crafted dimensions that cause the multiplication to exceed INT MAX, allowing writes beyond the allocated buffer region when kiss fftndr() processes the data.