CVE-2025-34297
📋 TL;DR
This CVE describes an integer overflow vulnerability in KissFFT library versions prior to fix commit 1b083165. On 32-bit architectures, an attacker can trigger a heap buffer overflow by providing a large nfft parameter, potentially leading to arbitrary code execution. Only systems running on 32-bit platforms using vulnerable KissFFT versions are affected.
💻 Affected Systems
- KissFFT library
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data theft, or ransomware deployment.
Likely Case
Application crash (denial of service) or limited memory corruption affecting stability.
If Mitigated
No impact if proper input validation and memory protections are in place.
🎯 Exploit Status
Exploitation requires attacker control over the nfft parameter passed to the kiss_fft_alloc() function.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in commit 1b08316582049c3716154caefc0deab8758506e3
Vendor Advisory: https://github.com/mborgerding/kissfft/commit/1b08316582049c3716154caefc0deab8758506e3
Restart Required: Yes
Instructions:
1. Update KissFFT to a version containing commit 1b083165 or later.
2. Recompile all applications using KissFFT.
3. Restart affected services.
🔧 Temporary Workarounds
Input validation wrapper
All platforms: Add validation to ensure the nfft parameter doesn't exceed safe bounds before calling kiss_fft_alloc()
// Add before kiss_fft_alloc() call:
// MAX_SAFE_NFFT is an application-defined upper bound on the transform size.
if (nfft > MAX_SAFE_NFFT) { return NULL; }
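One way to derive such a bound, as an added example that is not KissFFT's own code or its fix: it models a 32-bit size_t with uint32_t and assumes the allocation is a fixed header plus one complex element per FFT point. HDR_BYTES, CPX_BYTES and the function names are illustrative assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed, illustrative sizes (not from the advisory): a fixed state header
 * plus one complex element per FFT point. */
#define HDR_BYTES 272u
#define CPX_BYTES 8u

/* Size as 32-bit size_t arithmetic computes it: wraps silently mod 2^32. */
uint32_t alloc_size_wrapping(int nfft)
{
    return HDR_BYTES + CPX_BYTES * (uint32_t)nfft;
}

/* Largest nfft whose size still fits in 32 bits: a ceiling for MAX_SAFE_NFFT. */
int max_safe_nfft(void)
{
    return (int)((UINT32_MAX - HDR_BYTES) / CPX_BYTES);
}

/* Checked size: stores the size and returns 0, or returns -1 when nfft is
 * non-positive or the size would not fit in a 32-bit size_t. */
int alloc_size_checked(int nfft, uint32_t *out)
{
    if (nfft <= 0 || nfft > max_safe_nfft())
        return -1;
    *out = HDR_BYTES + CPX_BYTES * (uint32_t)nfft;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: a normal size, 2^29, and a negative value. */
    int samples[] = { 1024, 536870912, -1 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t size = 0;
        int rc = alloc_size_checked(samples[i], &size);
        printf("nfft=%d wrapped=%lu checked=%s\n", samples[i],
               (unsigned long)alloc_size_wrapping(samples[i]),
               rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

With these assumed sizes a request for 2^29 points wraps to a 272-byte allocation, which is why the bound has to be checked before the size is computed. An application should normally set MAX_SAFE_NFFT far below this ceiling, at the largest transform it actually needs.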
Compile-time protection
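Linux: Enable compiler security flags to detect integer overflows. Note that -ftrapv traps signed integer overflow only, and _FORTIFY_SOURCE takes effect only when optimization is enabled.
gcc -O2 -ftrapv -fstack-protector-all -D_FORTIFY_SOURCE=2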
🧯 If You Can't Patch
- Migrate to 64-bit architecture where this vulnerability does not exist
- Implement strict input validation for all parameters passed to KissFFT functions
🔍 How to Verify
Check if Vulnerable:
Check whether the application uses the KissFFT library and runs on a 32-bit architecture. Review the source code for kiss_fft_alloc() calls without input validation.
Check Version:
git log --format=%H | grep '^1b083165' (if building from a source checkout), or check library version strings
Verify Fix Applied:
Verify the KissFFT library version includes commit 1b083165 by checking git history or version metadata.
📡 Detection & Monitoring
Log Indicators:
- Application crashes with segmentation faults
- Memory corruption errors in system logs
- Abnormal process termination
Network Indicators:
- None - this is a local memory corruption vulnerability
SIEM Query:
Process termination events for applications using KissFFT library on 32-bit systems