kissfft - Debian Package Tracker

general

source: kissfft (main)
version: 131.1.0-4
maintainer: Debian Multimedia Maintainers (archive) (DMD)
uploaders: Vasyl Gello [DMD] [DM]
arch: any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 131.1.0-1
oldstable: 131.1.0-3
stable: 131.1.0-3
testing: 131.1.0-4
unstable: 131.1.0-4

versioned links

131.1.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
131.1.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
131.1.0-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

kissfft-tools
libkissfft-dev
libkissfft-float131

action needed

A new upstream version is available: 131.2.0 high

A new upstream version 131.2.0 is available, you should consider packaging it.

Created: 2025-11-26 Last update: 2026-04-24 08:02

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2025-34297: KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kiss_fft_alloc() in kiss_fft.c on platforms where size_t is 32-bit. The nfft parameter is not validated before being used in a size calculation (sizeof(kiss_fft_cpx) * (nfft - 1)), which can wrap to a small value when nfft is large. As a result, malloc() allocates an undersized buffer and the subsequent twiddle-factor initialization loop writes nfft elements, causing a heap buffer overflow. This vulnerability only affects 32-bit architectures.
CVE-2026-41445: KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integer arithmetic before being widened to size_t, causing malloc() to allocate an undersized buffer. Attackers can trigger heap buffer overflow by providing crafted dimensions that cause the multiplication to exceed INT_MAX, allowing writes beyond the allocated buffer region when kiss_fftndr() processes the data.

Created: 2026-03-18 Last update: 2026-04-21 20:30

2 security issues in forky high

There are 2 open security issues in forky.

2 important issues:

CVE-2025-34297: KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kiss_fft_alloc() in kiss_fft.c on platforms where size_t is 32-bit. The nfft parameter is not validated before being used in a size calculation (sizeof(kiss_fft_cpx) * (nfft - 1)), which can wrap to a small value when nfft is large. As a result, malloc() allocates an undersized buffer and the subsequent twiddle-factor initialization loop writes nfft elements, causing a heap buffer overflow. This vulnerability only affects 32-bit architectures.
CVE-2026-41445: KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integer arithmetic before being widened to size_t, causing malloc() to allocate an undersized buffer. Attackers can trigger heap buffer overflow by providing crafted dimensions that cause the multiplication to exceed INT_MAX, allowing writes beyond the allocated buffer region when kiss_fftndr() processes the data.

Created: 2026-03-18 Last update: 2026-04-21 20:30

2 low-priority security issues in trixie low

There are 2 open security issues in trixie.

2 issues left for the package maintainer to handle:

CVE-2025-34297: (needs triaging) KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kiss_fft_alloc() in kiss_fft.c on platforms where size_t is 32-bit. The nfft parameter is not validated before being used in a size calculation (sizeof(kiss_fft_cpx) * (nfft - 1)), which can wrap to a small value when nfft is large. As a result, malloc() allocates an undersized buffer and the subsequent twiddle-factor initialization loop writes nfft elements, causing a heap buffer overflow. This vulnerability only affects 32-bit architectures.
CVE-2026-41445: (needs triaging) KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integer arithmetic before being widened to size_t, causing malloc() to allocate an undersized buffer. Attackers can trigger heap buffer overflow by providing crafted dimensions that cause the multiplication to exceed INT_MAX, allowing writes beyond the allocated buffer region when kiss_fftndr() processes the data.

You can find information about how to handle these issues in the security team's documentation.

Created: 2026-03-18 Last update: 2026-04-21 20:30

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2025-34297: (needs triaging) KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kiss_fft_alloc() in kiss_fft.c on platforms where size_t is 32-bit. The nfft parameter is not validated before being used in a size calculation (sizeof(kiss_fft_cpx) * (nfft - 1)), which can wrap to a small value when nfft is large. As a result, malloc() allocates an undersized buffer and the subsequent twiddle-factor initialization loop writes nfft elements, causing a heap buffer overflow. This vulnerability only affects 32-bit architectures.
CVE-2026-41445: (needs triaging) KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integer arithmetic before being widened to size_t, causing malloc() to allocate an undersized buffer. Attackers can trigger heap buffer overflow by providing crafted dimensions that cause the multiplication to exceed INT_MAX, allowing writes beyond the allocated buffer region when kiss_fftndr() processes the data.

You can find information about how to handle these issues in the security team's documentation.

Created: 2026-03-18 Last update: 2026-04-21 20:30

debian/patches: 4 patches to forward upstream low

Among the 5 debian patches available in version 131.1.0-4 of the package, we noticed the following issues:

4 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-09-26 06:32

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.2).

Created: 2025-12-23 Last update: 2026-03-31 15:01

news

[rss feed]

[2025-10-01] kissfft 131.1.0-4 MIGRATED to testing (Debian testing watch)
[2025-09-25] Accepted kissfft 131.1.0-4 (source) into unstable (Dylan Aïssi)
[2022-11-26] kissfft 131.1.0-3 MIGRATED to testing (Debian testing watch)
[2022-11-20] Accepted kissfft 131.1.0-3 (source) into unstable (Vasyl Gello) (signed by: Mattia Rizzolo)
[2021-10-12] kissfft 131.1.0-2 MIGRATED to testing (Debian testing watch)
[2021-10-07] Accepted kissfft 131.1.0-2 (source) into unstable (Vasyl Gello) (signed by: Mattia Rizzolo)
[2021-05-26] Accepted kissfft 131.1.0-1~bpo10+1 (source amd64) into buster-backports->backports-policy, buster-backports (Debian FTP Masters) (signed by: Mattia Rizzolo)
[2021-03-01] kissfft 131.1.0-1 MIGRATED to testing (Debian testing watch)
[2021-02-16] Accepted kissfft 131.1.0-1 (source) into unstable (Vasyl Gello) (signed by: Mattia Rizzolo)
[2021-01-27] kissfft 131+git20201106.cc862cb-2 MIGRATED to testing (Debian testing watch)
[2021-01-21] Accepted kissfft 131+git20201106.cc862cb-2 (source) into unstable (Mattia Rizzolo)
[2021-01-21] Accepted kissfft 131+git20201106.cc862cb-1 (source amd64) into unstable, unstable (Debian FTP Masters) (signed by: Mattia Rizzolo)

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 131.1.0-4