CVE-2025-59820

Krita: Krita: Heap-based buffer overflow via manipulated TGA file

Description

In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import.cpp (aka KisTgaImport). Control flow proceeds even when a number of pixels becomes negative.

INFO

Published Date :

2025-11-26T00:00:00.000Z

Last Modified :

2025-12-06T02:32:10.590Z

Source :

mitre

AFFECTED PRODUCTS

The following products are affected by CVE-2025-59820 vulnerability.

Vendors	Products
Kde	Krita

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59820.

URL	Resource
https://invent.kde.org/graphics/krita/
https://invent.kde.org/graphics/krita/-/commit/6d3651ac4df88efb68e013d21061de9846e83fe8
https://kde.org/info/security/advisory-20250929-1.txt
https://lists.debian.org/debian-lts-announce/2025/12/msg00006.html
https://nvd.nist.gov/vuln/detail/CVE-2025-59820
https://www.cve.org/CVERecord?id=CVE-2025-59820

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact