KissFFT Integer Overflow Leading to Heap Buffer Overflow Vulnerability

A heap-based buffer overflow vulnerability has been identified in KissFFT versions prior to commit 8a8e66e. The issue arises from an integer overflow in the 'kiss_fftndr_alloc()' function within 'kiss_fftndr.c'. The vulnerability allows attackers to trigger a heap buffer overflow by providing crafted dimensions that cause the allocation size calculation to exceed the maximum value of a signed 32-bit integer. This overflow occurs before the value is converted to 'size_t', resulting in 'malloc()' allocating a buffer that is too small. Consequently, when 'kiss_fftndr()' processes the data, it can write beyond the allocated buffer, leading to potential exploitation.

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, which can typically be exploited to execute arbitrary code or cause a denial-of-service condition.

Remediation

Users can update to KissFFT commit 8a8e66e or later, where this vulnerability has been addressed.