CVE-2025-59820

Name: CVE-2025-59820
Description: In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import.cpp (aka KisTgaImport). Control flow proceeds even when a number of pixels becomes negative.
NVD Severity: medium

References

Type URI
cve@mitre.org https://invent.kde.org/graphics/krita/
cve@mitre.org https://invent.kde.org/graphics/krita/-/commit/6d3651ac4df88efb68e013d21061de9846e83fe8
cve@mitre.org https://kde.org/info/security/advisory-20250929-1.txt
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2025/12/msg00006.html

Match rules

CPE URI Source package Min version Max version
krita == 0 == None

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
krita edge-community 5.2.13-r1 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
krita edge-community 5.2.13-r0 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
krita edge-community 5.2.9-r5 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
krita edge-community 5.2.9-r4 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
krita edge-community 5.2.9-r3 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
krita edge-community 5.2.9-r2 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
krita edge-community 5.2.9-r1 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
krita edge-community 5.2.9-r0 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
krita edge-community 5.2.6-r3 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
krita edge-community 5.2.6-r2 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
krita 3.22-community 5.2.9-r0 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
krita 3.22-community 5.2.6-r2 Bart Ribbers <bribbers@disroot.org> possibly vulnerable