Your message dated Fri, 08 May 2026 11:34:07 +0000
with message-id <[email protected]>
and subject line Bug#1131147: fixed in kissfft 131.1.0-4.1
has caused the Debian Bug report #1131147,
regarding kissfft: CVE-2025-34297
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1131147: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131147
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: kissfft
Version: 131.1.0-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/mborgerding/kissfft/issues/120
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for kissfft.

CVE-2025-34297[0]:
| KissFFT versions prior to the fix commit 1b083165 contain an integer
| overflow in kiss_fft_alloc() in kiss_fft.c on platforms where size_t
| is 32-bit. The nfft parameter is not validated before being used in
| a size calculation (sizeof(kiss_fft_cpx) * (nfft - 1)), which can
| wrap to a small value when nfft is large. As a result, malloc()
| allocates an undersized buffer and the subsequent twiddle-factor
| initialization loop writes nfft elements, causing a heap buffer
| overflow. This vulnerability only affects 32-bit architectures.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-34297
    https://www.cve.org/CVERecord?id=CVE-2025-34297
[1] https://github.com/mborgerding/kissfft/issues/120
[2] https://github.com/mborgerding/kissfft/commit/1b08316582049c3716154caefc0deab8758506e3

Regards,
Salvatore

--- End Message ---
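
The size arithmetic described in the CVE text above, as an added example that is not part of the original message and is not kissfft's code or its upstream fix. It assumes size_t can be modelled as uint32_t (so the wrap reproduces on a 64-bit host) and that sizeof(kiss_fft_cpx) is 8 bytes; the function names, CPX_BYTES and the sample nfft value are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: stands in for sizeof(kiss_fft_cpx) with float scalars. */
#define CPX_BYTES 8u

/* The term quoted in the CVE text, sizeof(kiss_fft_cpx) * (nfft - 1),
 * evaluated in 32-bit unsigned arithmetic: the product is reduced
 * modulo 2^32, so a large nfft yields a small byte count. */
static uint32_t twiddle_bytes_unchecked(int nfft)
{
    return CPX_BYTES * (uint32_t)(nfft - 1);
}

/* Bytes touched when the initialisation loop writes nfft elements. */
static uint64_t bytes_written(int nfft)
{
    return (uint64_t)CPX_BYTES * (uint64_t)nfft;
}

/* Hypothetical guard: returns the byte count, or -1 when nfft is not
 * positive or the product would not fit in a 32-bit size. */
static int64_t twiddle_bytes_checked(int nfft)
{
    if (nfft <= 0)
        return -1;
    uint32_t count = (uint32_t)(nfft - 1);
    if (count > UINT32_MAX / CPX_BYTES)
        return -1;
    return (int64_t)(CPX_BYTES * count);
}

int main(void)
{
    /* Constructed sample values: one ordinary size, one that wraps. */
    int samples[] = { 1024, 0x20000001 };
    for (int i = 0; i < 2; i++) {
        int n = samples[i];
        printf("nfft=%d unchecked=%u written=%llu checked=%lld\n",
               n, (unsigned)twiddle_bytes_unchecked(n),
               (unsigned long long)bytes_written(n),
               (long long)twiddle_bytes_checked(n));
    }
    return 0;
}
```

For the second sample the unchecked size is smaller than the number of bytes the loop writes, which is the mismatch the advisory describes; the guarded variant rejects that input before any allocation.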
--- Begin Message ---
Source: kissfft
Source-Version: 131.1.0-4.1
Done: Adrian Bunk <[email protected]>

We believe that the bug you reported is fixed in the latest version of
kissfft, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated kissfft package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 07 May 2026 14:02:10 +0300
Source: kissfft
Architecture: source
Version: 131.1.0-4.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1131147 1134493
Changes:
 kissfft (131.1.0-4.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2025-34297: Integer Overflow on 32-bit Systems
     (Closes: #1131147)
   * CVE-2026-41445: Integer Overflow in kiss_fftndr_alloc()
     (Closes: #1134493)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
