CVE-2020-35605

Name of the Vulnerable Software and Affected Versions: kitty versions prior to 0.19.3

Description: The Graphics Protocol feature in the graphics.c file of kitty allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message. This issue is related to the lack of filename sanitization when returning an error message, which can be exploited by remote attackers to gain access to confidential data, disrupt its integrity, and cause a denial of service.

Recommendations: For kitty versions prior to 0.19.3, update to version 0.19.3 or later to resolve the issue. As a temporary workaround, consider disabling the Graphics Protocol feature until a patch is available. Restrict access to the graphics.c file to minimize the risk of exploitation. Avoid using filenames containing special characters in the affected Graphics Protocol feature until the issue is resolved.