Lucene search
K
KovidgoyalKitty

9 matches found

CVE
CVE
added 2020/12/21 7:7 p.m.152 views

CVE-2020-35605

The CVE-2020-35605 vulnerability affects the Kitty terminal emulator (graphics protocol handling) where a filename containing special characters in an error message could enable remote code execution. Affected component is Kitty’s graphics protocol implementation; root cause is inadequate sanitis...

9.8CVSS9.5AI score0.03608EPSS
CVE
CVE
added 2025/04/20 12:0 a.m.123 views

CVE-2025-43929

CVE-2025-43929 affects kitty before 0.41.0. The issue arises because open_actions.py does not prompt for user confirmation before executing a local file that could be linked from an untrusted document (e.g., KDE Ghostwriter exports). Affects Kitty component (kitty) with local attack surface; expl...

7.8CVSS7.1AI score0.00178EPSS
CVE
CVE
added 2026/05/19 6:4 p.m.28 views

CVE-2026-33642

CVE-2026-33642 affects Kitty up to version 0.46.2. The issue arises in handle_compose_command() in kitty/graphics.c, where 32-bit unsigned arithmetic for composition offsets can wrap and enable a heap buffer over-read/over-write. An attacker who can emit output to a Kitty terminal (e.g., maliciou...

9.9CVSS5.8AI score0.00286EPSS
CVE
CVE
added 2026/06/12 8:7 p.m.27 views

CVE-2026-54057

Kitty (cross-platform GPU-based terminal) is affected in versions prior to 0.47.3. The issue arises in the OSC 21 (color-control) query reply, which may reflect attacker-controlled bytes—including newlines—into the shell input without sanitization. This can enable local command injection or input...

7.8CVSS5.3AI score0.00166EPSS
CVE
CVE
added 2026/06/12 8:3 p.m.25 views

CVE-2026-54055

Kitty (cross‑platform GPU terminal) contains a local privilege escalation vulnerability in its file transmission protocol prior to 0.47.2. A TOCTOU race between symlink validation and file creation allows a child process in the terminal to cause an attack to write to arbitrary files because os.op...

5CVSS5.5AI score0.00072EPSS
CVE
CVE
added 2026/06/12 8:0 p.m.21 views

CVE-2026-42851

CVE-2026-42851 (Kitty terminal) : In versions prior to 0.47.0, a program that writes bytes to a Kitty terminal can trigger execution of attacker-supplied Python inside the Kitty process with the user’s privileges. This is a local issue with high impact to confidentiality, integrity, and availabil...

7.8CVSS5.6AI score0.00164EPSS
CVE
CVE
added 2026/06/12 8:6 p.m.21 views

CVE-2026-54056

Kitty (GPU-based terminal) vulnerability CVE-2026-54056 affects versions 0.47.0–0.47.1 where a remote drag-and-drop via kitten dnd staging can overwrite or truncate arbitrary files writable by the local user. The attack chains a staged remote text/uri-list, exploiting a race in staging where a st...

7.6CVSS5.7AI score0.00268EPSS
CVE
CVE
added 2026/05/19 5:36 p.m.20 views

CVE-2026-33633

CVE-2026-33633 affects the Kitty terminal. Versions 0.46.2 and earlier are vulnerable to a heap buffer overflow in load_image_data(), triggered by a single APC graphics protocol command with a PNG declaration (f=100) whose payload exceeds twice the initial buffer capacity. The overflow is attacke...

8.8CVSS5.9AI score0.00367EPSS
CVE
CVE
added 2026/06/12 7:59 p.m.18 views

CVE-2026-42850

CVE-2026-42850 affects the Kitty terminal (GPU-based, cross-platform). In versions prior to 0.47.0, an injection is possible through a crafted kitty error that is echoed back to the terminal with CRLF and executed by the user’s shell. The attack requires the victim to connect to the attacker (e.g...

8.8CVSS5.5AI score0.00287EPSS