PT-2025-44072 · Krita

Published: 2025-01-01 · Updated: 2025-11-29 · CVE-2025-59820

CVSS v3.1: 6.7
Vector: AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Krita versions prior to 5.2.13
Krita versions 5.1.5+dfsg-2+deb12u1 through 5.1.5+dfsg-2+deb12u1
Krita versions 5.2.9+dfsg-1+deb13u1 through 5.2.9+dfsg-1+deb13u1
Description

A heap-based buffer overflow exists in the TGA parser of Krita, a creative application for raster images. Loading a manipulated TGA file can lead to a buffer overflow in the kis_tga_import.cpp file (also known as KisTgaImport). Specifically, control flow continues even when the computed number of pixels is negative, so a size that should have been rejected is still used for the pixel buffer. This issue could allow arbitrary code execution if a specially crafted image is opened.
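The defect class described above is a pixel count that goes negative and is used anyway. The following C program is an added example, not Krita's code and not a reconstruction of the patched kis_tga_import.cpp: it parses the standard 18-byte TGA header with constructed, hypothetical function names (tga_parse_header, tga_pixel_count_naive, tga_pixel_bytes_checked, tga_make_header), shows how a 16-bit width and height multiplied in a 32-bit signed int wrap negative, and then shows the check a parser should perform before allocating: compute the size in 64 bits, validate every field, cap the result, and refuse to continue on any failure. The sample header bytes are constructed in the program itself.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TGA_HEADER_LEN 18   /* fixed header size from the TGA format specification */

/* Fields read from the TGA header that decide the pixel buffer size. */
typedef struct {
    uint8_t  image_type;
    uint16_t width;         /* little-endian uint16 at offset 12 */
    uint16_t height;        /* little-endian uint16 at offset 14 */
    uint8_t  pixel_depth;   /* bits per pixel at offset 16: 8, 16, 24 or 32 */
} tga_header_t;

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Parse the header; returns 0 on success, -1 if the input is missing or truncated. */
int tga_parse_header(const uint8_t *buf, size_t len, tga_header_t *out) {
    if (buf == NULL || out == NULL || len < TGA_HEADER_LEN) return -1;
    out->image_type  = buf[2];
    out->width       = le16(buf + 12);
    out->height      = le16(buf + 14);
    out->pixel_depth = buf[16];
    return 0;
}

/* The unsafe pattern, shown for contrast: 65535 * 65535 does not fit a 32-bit signed int,
   so the count wraps negative. A decoder that continues past a negative count ends up
   allocating and copying with a size it never validated. */
int tga_pixel_count_naive(const tga_header_t *h) {
    uint32_t product = (uint32_t)h->width * (uint32_t)h->height;
    return (int)product;    /* implementation-defined conversion; negative on two's complement */
}

/* Hardened: return the exact byte size of the pixel buffer, or -1 on any rejection.
   The caller allocates only when the result is non-negative and never continues otherwise. */
long long tga_pixel_bytes_checked(const tga_header_t *h, long long max_bytes) {
    if (h->width == 0 || h->height == 0) return -1;          /* nothing to decode */
    if (h->pixel_depth != 8 && h->pixel_depth != 16 &&
        h->pixel_depth != 24 && h->pixel_depth != 32) return -1;
    long long pixels = (long long)h->width * (long long)h->height;  /* < 2^32, cannot wrap */
    long long bytes  = pixels * (h->pixel_depth / 8);               /* < 2^34, cannot wrap */
    if (bytes <= 0 || bytes > max_bytes) return -1;                 /* cap bounds memory use */
    return bytes;
}

/* Constructed helper that writes a minimal uncompressed true-colour header (not a real file). */
void tga_make_header(uint8_t *buf, uint16_t w, uint16_t hgt, uint8_t depth) {
    for (int i = 0; i < TGA_HEADER_LEN; i++) buf[i] = 0;
    buf[2]  = 2;                                   /* image type 2: uncompressed true-colour */
    buf[12] = (uint8_t)(w & 0xff);   buf[13] = (uint8_t)(w >> 8);
    buf[14] = (uint8_t)(hgt & 0xff); buf[15] = (uint8_t)(hgt >> 8);
    buf[16] = depth;
}

int main(void) {
    uint8_t buf[TGA_HEADER_LEN];
    tga_header_t h;

    /* Maximum-dimension header: the naive count wraps negative, the checked path rejects it. */
    tga_make_header(buf, 65535, 65535, 32);
    tga_parse_header(buf, sizeof buf, &h);
    printf("65535x65535x32: naive count = %d, checked bytes = %lld\n",
           tga_pixel_count_naive(&h), tga_pixel_bytes_checked(&h, 256LL << 20));

    /* Ordinary header: both agree, and the checked path returns the allocation size. */
    tga_make_header(buf, 640, 480, 24);
    tga_parse_header(buf, sizeof buf, &h);
    printf("640x480x24: naive count = %d, checked bytes = %lld\n",
           tga_pixel_count_naive(&h), tga_pixel_bytes_checked(&h, 256LL << 20));
    return 0;
}
```

The cap passed to tga_pixel_bytes_checked (256 MiB here) is a policy choice: it turns an oversized but otherwise well-formed header into a clean rejection instead of a huge allocation, which is the behaviour a fuzz harness or sandboxed thumbnailer wants to observe.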
Recommendations

Upgrade Krita to version 5.2.13 or later.
Upgrade Krita packages to version 1:5.1.5+dfsg-2+deb12u1 for Debian oldstable (bookworm).
Upgrade Krita packages to version 1:5.2.9+dfsg-1+deb13u1 for Debian stable (trixie).

Fix · RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2025-12859
CVE-2025-59820
DSA-6065-1
ZDI-25-972

Affected Products

Debian
Krita