CVE-2026-33642
- EPSS 0.04%
- Published 19.05.2026 18:04:42
- Last modified 19.05.2026 21:08:41
Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrappi...
CVE-2026-33633
- EPSS 0.04%
- Published 19.05.2026 17:36:07
- Last modified 19.05.2026 21:08:41
Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_data() that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by ...
CVE-2025-43929
- EPSS 0.06%
- Published 20.04.2025 00:00:00
- Last modified 24.04.2025 15:46:35
open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).
CVE-2020-35605
- EPSS 5.52%
- Published 21.12.2020 20:15:12
- Last modified 24.04.2025 17:39:27
The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.