PT-2025-44072 · Krita+2

Published 2025-01-01 · Updated 2025-12-06 · CVE-2025-59820

CVSS v3.1: 6.7 (Medium)
Vector: AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Krita versions prior to 5.2.13
Krita versions 5.1.5+dfsg-2+deb12u1 through 5.1.5+dfsg-2+deb12u1
Krita versions 5.2.9+dfsg-1+deb13u1 through 5.2.9+dfsg-1+deb13u1
Description

A heap-based buffer overflow exists in the TGA parser of Krita, a creative application for raster images. Loading a manipulated TGA file can cause a buffer overflow in kis_tga_import.cpp (also known as KisTgaImport): control flow continues even when the computed number of pixels is negative. This issue could potentially allow arbitrary code execution if a specially crafted image is opened.
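As an added illustration of the check this defect class calls for (this is example code written here, not Krita's parser or its fix), the routine below parses the public 18-byte TGA header, carries width, height and the pixel count in unsigned 64-bit arithmetic so the product can never go negative, bounds it, and confirms the file holds the whole image before any row is copied. TGA_MAX_PIXELS, the function names and the sample header are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* 18-byte TGA header, little-endian fields, per the public TGA format:
   bytes 12-13 width, 14-15 height, 16 pixel depth in bits. */
#define TGA_HEADER_LEN 18
/* Hypothetical sanity cap on pixel count, constructed for this example. */
#define TGA_MAX_PIXELS (1ULL << 28)

typedef struct {
    uint32_t width, height, bytes_per_pixel;
    uint64_t pixels;       /* width * height, 64-bit unsigned */
    uint64_t image_bytes;  /* pixels * bytes_per_pixel */
} tga_dims;

/* Validate the header and derive the buffer size without signed arithmetic.
   Returns false for a truncated header, zero dimensions, unsupported depth,
   or a pixel count above the cap; on success fills *out. */
bool tga_validate_header(const uint8_t *hdr, size_t len, tga_dims *out) {
    if (hdr == NULL || out == NULL || len < TGA_HEADER_LEN) return false;
    uint32_t width  = (uint32_t)hdr[12] | ((uint32_t)hdr[13] << 8);
    uint32_t height = (uint32_t)hdr[14] | ((uint32_t)hdr[15] << 8);
    uint32_t depth  = hdr[16];
    if (width == 0 || height == 0) return false;
    if (depth != 8 && depth != 15 && depth != 16 && depth != 24 && depth != 32) return false;
    /* 65535 * 65535 exceeds INT32_MAX; in a signed 32-bit int that product
       wraps negative, the failure class the advisory describes. Not here. */
    uint64_t pixels = (uint64_t)width * (uint64_t)height;
    if (pixels > TGA_MAX_PIXELS) return false;
    out->width = width;
    out->height = height;
    out->bytes_per_pixel = (depth + 7) / 8;
    out->pixels = pixels;
    out->image_bytes = pixels * out->bytes_per_pixel;
    return true;
}

/* Before copying any row into the pixel buffer, confirm the file actually
   carries the whole uncompressed image after the header. */
bool tga_payload_fits(const tga_dims *d, size_t file_len) {
    if (d == NULL || file_len < TGA_HEADER_LEN) return false;
    return d->image_bytes <= (uint64_t)(file_len - TGA_HEADER_LEN);
}

/* Constructed 18-byte header: uncompressed truecolor (type 2), 4x3, 32 bpp. */
static const uint8_t sample_header[TGA_HEADER_LEN] = {
    0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0, 3, 0, 32, 0x28
};
```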
Recommendations

Upgrade Krita to version 5.2.13 or later.
Upgrade Krita packages to version 1:5.1.5+dfsg-2+deb12u1 for Debian oldstable (bookworm).
Upgrade Krita packages to version 1:5.2.9+dfsg-1+deb13u1 for Debian stable (trixie).

Fix

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2025-12859
CVE-2025-59820
DLA-4395-1
DSA-6065-1
OPENSUSE-SU-2025:15577-1
ZDI-25-972

Affected Products

Alt Linux
Debian
Krita