CVE-2025-34297 Overview
CVE-2025-34297 is a high-severity integer overflow vulnerability in KissFFT, a lightweight Fast Fourier Transform library. The vulnerability exists in the kiss_fft_alloc() function within kiss_fft.c on platforms where size_t is 32-bit. The nfft parameter is not validated before being used in a size calculation (sizeof(kiss_fft_cpx) * (nfft - 1)), which can wrap to a small value when nfft is large. As a result, malloc() allocates an undersized buffer and the subsequent twiddle-factor initialization loop writes nfft elements, causing a heap buffer overflow.
Critical Impact
This integer overflow vulnerability can lead to heap buffer overflow, potentially enabling arbitrary code execution, denial of service, or memory corruption on 32-bit systems. The CVSS 4.0 score of 8.6 (HIGH) reflects the significant local attack surface with no privileges or user interaction required.
Affected Products
- KissFFT versions prior to commit 1b083165
- Applications using KissFFT on 32-bit architectures
- Embedded systems and IoT devices utilizing KissFFT for FFT operations
Discovery Timeline
- 2025-12-01 - CVE-2025-34297 published to NVD
- 2025-12-02 - Last updated in NVD database
Technical Details for CVE-2025-34297
Vulnerability Analysis
The vulnerability is classified under CWE-190 (Integer Overflow or Wraparound). With a CVSS 4.0 score of 8.6, this vulnerability presents a high risk to affected systems. The CVSS vector CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N indicates:
- Attack Vector: Local - requires local access to the vulnerable system
- Attack Complexity: Low - exploitation is straightforward
- Privileges Required: None - no special privileges needed
- User Interaction: None - no user action required
- Impact: High confidentiality, integrity, and availability impact
The EPSS (Exploit Prediction Scoring System) probability is 0.017% (3.241 percentile), suggesting a relatively low likelihood of exploitation in the wild at this time.
Root Cause
The root cause lies in the absence of integer overflow validation in the kiss_fft_alloc() function. When calculating the buffer size using sizeof(kiss_fft_cpx) * (nfft - 1), the multiplication can overflow on 32-bit platforms where size_t is limited to 4 bytes. If a malicious or unexpectedly large nfft value is provided, the calculation wraps around to a small positive number, causing malloc() to allocate insufficient memory. The subsequent loop that initializes twiddle factors then writes beyond the allocated buffer boundaries.
Attack Vector
An attacker with local access can exploit this vulnerability by providing a crafted nfft value to functions that ultimately call kiss_fft_alloc(). The attack specifically targets 32-bit systems where integer overflow is more easily achievable due to the 32-bit size_t constraint. Successful exploitation could result in:
- Heap corruption - Overwriting adjacent heap metadata or data
- Arbitrary code execution - Through controlled heap overwrites
- Denial of service - Application crash due to memory corruption
- Information disclosure - Reading memory beyond intended boundaries
The security patch adds overflow checking by including <stdint.h> to enable proper integer type validation:
* See COPYING file for more information.
*/
-
+#include <stdint.h>
#include "_kiss_fft_guts.h"
/* The guts header contains all the multiplication and addition macros that are defined for
fixed or floating point complex numbers. It also delares the kf_ internal functions.
Source: https://github.com/mborgerding/kissfft/commit/1b08316582049c3716154caefc0deab8758506e3
Detection Methods for CVE-2025-34297
Indicators of Compromise
- Unexpected application crashes in FFT processing routines
- Heap corruption errors or memory allocation failures in applications using KissFFT
- Abnormal memory usage patterns in 32-bit applications performing FFT operations
Detection Strategies
Static Code Analysis: Scan codebases for KissFFT library usage, particularly versions prior to commit 1b083165. Tools like CodeQL or Semgrep can identify vulnerable function calls.
Binary Analysis: Check compiled binaries for KissFFT library linkage. On Linux systems, use ldd or nm to identify linked libraries.
Version Detection: Audit software dependencies to identify KissFFT versions. Check if the library source includes the <stdint.h> header in kiss_fft.c.
Runtime Monitoring: Monitor for heap corruption signals (SIGABRT, SIGSEGV) in applications performing FFT operations, especially on 32-bit systems.
Monitoring Recommendations
- Implement memory sanitizers (AddressSanitizer, Valgrind) during development and testing phases
- Deploy crash reporting mechanisms to detect potential exploitation attempts
- Monitor system logs for repeated crashes in applications using FFT functionality
- Use SentinelOne's behavioral AI to detect anomalous memory access patterns indicative of heap overflow exploitation
How to Mitigate CVE-2025-34297
Immediate Actions Required
- Update KissFFT to include commit 1b08316582049c3716154caefc0deab8758506e3 or later
- Audit all applications using KissFFT on 32-bit platforms
- Consider migrating 32-bit applications to 64-bit architectures where feasible
Patch Information
The vulnerability has been addressed in the KissFFT repository through commit 1b083165. The fix adds proper integer overflow checking by including <stdint.h> and implementing validation of the nfft parameter before memory allocation.
Reference Links:
- Fix Commit: https://github.com/mborgerding/kissfft/commit/1b08316582049c3716154caefc0deab8758506e3
- Issue Tracker: https://github.com/mborgerding/kissfft/issues/120
- Advisory: https://www.vulncheck.com/advisories/kissfft-integer-overflow-heap-buffer-overflow
Workarounds
If immediate patching is not possible, consider the following temporary mitigations:
- Input Validation: Implement bounds checking on nfft values before passing them to KissFFT functions
- Architecture Migration: Prioritize moving vulnerable 32-bit deployments to 64-bit platforms
- Memory Protection: Enable ASLR, stack canaries, and heap protection mechanisms at the OS level
# Example: Check if application uses KissFFT on Linux
ldd /path/to/application | grep -i kiss
# Verify library version by checking for the fix
grep -r "stdint.h" /path/to/kissfft/kiss_fft.c
# Enable AddressSanitizer for testing (GCC/Clang)
export CFLAGS="-fsanitize=address -fno-omit-frame-pointer"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
