Critical Buffer Overflow Vulnerability in KISS FFT Affects Fedora 42 and 43

Critical Buffer Overflow Vulnerability in KISS FFT Affects Fedora 42 and 43

First seen 19 Mar 2026, 05:12 UTC Linuxsecurity 95% similarity 72.8

Article Content

Browse articles
ThreatCluster

A critical buffer overflow vulnerability identified as CVE-2025-34297 affects the KISS FFT library used in Fedora 42 and 43. This vulnerability, which allows for an integer overflow heap buffer overflow via the kiss_fft_alloc function, was published on December 1, 2025. The issue has been addressed with the release of KISS FFT version 131.2.0, which includes a fix for the vulnerability. Users are advised to update their systems to mitigate potential exploitation risks. The update can be installed using the 'dnf' update program. The vulnerability impacts users of the KISS FFT library, particularly those running Fedora versions 42 and 43. The patch was made available on March 9, 2026. Security professionals should prioritize this update to prevent potential attacks exploiting this vulnerability.

Key Points: • CVE-2025-34297 is a critical buffer overflow vulnerability in KISS FFT. • The vulnerability affects Fedora 42 and 43 users and can lead to exploitation via kiss_fft_alloc. • A patch was released on March 9, 2026, and users are urged to update immediately.

ThreatCluster AI

Timeline

2025-12-01
CVE-2025-34297 published
2026-03-09
Patch for KISS FFT released to fix CVE-2025-34297
2026-03-19
Articles published detailing the vulnerability and patch

Community

Browse all →