Kovidgoyal

Kitty

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.17%
  • Veröffentlicht 12.06.2026 20:07:00
  • Zuletzt bearbeitet 16.06.2026 15:42:18

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 (color-control) query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes the issue.

Exploit
  • EPSS 0.27%
  • Veröffentlicht 12.06.2026 20:06:06
  • Zuletzt bearbeitet 16.06.2026 15:59:57

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, `kitten dnd` can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote `text/uri-list` drops are st...

  • EPSS 0.07%
  • Veröffentlicht 12.06.2026 20:03:17
  • Zuletzt bearbeitet 16.06.2026 16:02:45

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the files...

Exploit
  • EPSS 0.16%
  • Veröffentlicht 12.06.2026 20:00:23
  • Zuletzt bearbeitet 16.06.2026 16:07:46

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with `cat`, a log line, an email body rendered in `less`, an issue body in a TU...

Exploit
  • EPSS 0.29%
  • Veröffentlicht 12.06.2026 19:59:14
  • Zuletzt bearbeitet 16.06.2026 16:11:50

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correct...

  • EPSS 0.29%
  • Veröffentlicht 19.05.2026 18:04:42
  • Zuletzt bearbeitet 19.05.2026 21:08:41

Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrappi...

  • EPSS 0.37%
  • Veröffentlicht 19.05.2026 17:36:07
  • Zuletzt bearbeitet 19.05.2026 21:08:41

Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_data() that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by ...

Exploit
  • EPSS 0.18%
  • Veröffentlicht 20.04.2025 00:00:00
  • Zuletzt bearbeitet 24.04.2025 15:46:35

open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).

Exploit
  • EPSS 3.61%
  • Veröffentlicht 21.12.2020 20:15:12
  • Zuletzt bearbeitet 24.04.2025 17:39:27

The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.