Security advisory for Krita < 5.2.13
David Edmundson
davidedmundson at kde.org
Mon Sep 29 22:14:10 BST 2025
A new security advisory for Krita has been announced.
KDE Project Security Advisory
=============================
Title: Krita: Heap-based buffer overflow when parsing TGA files
Risk Rating: Medium
CVE: CVE-2025-59820
Versions: Affected versions of Krita prior to 5.2.13
Author: KDE Security Team
Date: 29/09/2025
Overview
========
A vulnerability was identified in Krita’s TGA file parser that could
result in a heap-based buffer overflow during file processing.
Impact
======
Opening a specially crafted TGA file in Krita may trigger a heap-based
buffer overflow, potentially leading to application crashes or, in the
worst case, code execution.
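The class of bug described above, a heap overflow while parsing a TGA image, typically comes from trusting sizes declared in the file header (width, height, pixel depth, image ID and colour map lengths) without checking them against what the buffer actually contains. The following is an added, constructed example of the validation a loader needs before it allocates or copies pixel data; it is not Krita's code, not the fix in the linked commit, and makes no claim about where the Krita defect was. The `tga_header` layout follows the standard 18-byte TGA header; the function and sample names are the example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Defence-oriented illustration of TGA header validation. Hypothetical code:
 * not Krita's parser and not the CVE-2025-59820 fix. */

#define TGA_HEADER_LEN 18

struct tga_header {
    uint8_t  id_length;           /* bytes of image ID following the header */
    uint8_t  colormap_type;       /* 0 = none, 1 = colour map present */
    uint8_t  image_type;          /* 2 = uncompressed truecolor, 3 = uncompressed gray */
    uint16_t colormap_first;
    uint16_t colormap_length;
    uint8_t  colormap_entry_bits;
    uint16_t x_origin, y_origin;
    uint16_t width, height;
    uint8_t  pixel_depth;         /* bits per pixel */
    uint8_t  descriptor;
};

/* TGA fields are little-endian. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Returns 0 and fills *h only when the buffer holds a complete header. */
int tga_parse_header(const uint8_t *buf, size_t len, struct tga_header *h)
{
    if (buf == NULL || h == NULL || len < TGA_HEADER_LEN)
        return -1;
    h->id_length           = buf[0];
    h->colormap_type       = buf[1];
    h->image_type          = buf[2];
    h->colormap_first      = rd16(buf + 3);
    h->colormap_length     = rd16(buf + 5);
    h->colormap_entry_bits = buf[7];
    h->x_origin            = rd16(buf + 8);
    h->y_origin            = rd16(buf + 10);
    h->width               = rd16(buf + 12);
    h->height              = rd16(buf + 14);
    h->pixel_depth         = buf[16];
    h->descriptor          = buf[17];
    return 0;
}

/* Computes how many bytes the header claims follow it (image ID, colour map,
 * uncompressed pixels) and returns 0 only if the file buffer really holds them.
 * Every size that could overflow, or that exceeds `len`, is rejected, so a
 * caller that allocates `*pixel_bytes` and copies that many bytes from the
 * buffer cannot read or write past either end. Only uncompressed types 2/3 are
 * handled; RLE types (10/11) need a decoder that bounds-checks each packet. */
int tga_validate_uncompressed(const struct tga_header *h, size_t len, size_t *pixel_bytes)
{
    if (h->image_type != 2 && h->image_type != 3) return -1;
    if (h->pixel_depth != 8 && h->pixel_depth != 16 &&
        h->pixel_depth != 24 && h->pixel_depth != 32) return -1;
    if (h->width == 0 || h->height == 0) return -1;

    size_t bpp = h->pixel_depth / 8;
    size_t cmap_bytes = 0;
    if (h->colormap_type == 1)
        cmap_bytes = (size_t)h->colormap_length * ((h->colormap_entry_bits + 7) / 8);

    /* Overflow-safe product: width is non-zero, so the division check is valid. */
    size_t pixels = (size_t)h->width * (size_t)h->height;
    if (pixels / h->width != h->height) return -1;
    if (pixels > SIZE_MAX / bpp) return -1;
    size_t data = pixels * bpp;

    size_t needed = TGA_HEADER_LEN;
    if (needed > SIZE_MAX - h->id_length) return -1;
    needed += h->id_length;
    if (needed > SIZE_MAX - cmap_bytes) return -1;
    needed += cmap_bytes;
    if (needed > SIZE_MAX - data) return -1;
    needed += data;

    if (needed > len) return -1;   /* file shorter than its header claims: refuse */
    if (pixel_bytes) *pixel_bytes = data;
    return 0;
}

/* 1 if the buffer is a safely loadable uncompressed TGA, 0 otherwise. */
int tga_is_loadable(const uint8_t *buf, size_t len)
{
    struct tga_header h;
    if (tga_parse_header(buf, len, &h) != 0) return 0;
    return tga_validate_uncompressed(&h, len, NULL) == 0;
}

/* Constructed sample: 2x2, 24-bit, uncompressed, top-left origin (18 + 12 bytes). */
static const uint8_t SAMPLE_OK[30] = {
    0, 0, 2,                /* no image ID, no colour map, uncompressed truecolor */
    0, 0, 0, 0, 0,          /* colour map spec (unused) */
    0, 0, 0, 0,             /* x/y origin */
    2, 0, 2, 0,             /* width = 2, height = 2 */
    24, 0x20,               /* 24 bpp, top-left origin */
    0xff,0,0, 0,0xff,0, 0,0,0xff, 0xff,0xff,0xff   /* 4 BGR pixels */
};

/* Constructed sample: header alone claiming 65535x65535 at 32 bpp, no pixel data. */
static const uint8_t SAMPLE_HUGE[TGA_HEADER_LEN] = {
    0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 32, 0x20
};

int main(void)
{
    printf("complete file loadable:  %d\n", tga_is_loadable(SAMPLE_OK, sizeof SAMPLE_OK));
    /* Same header, but only 4 of the 12 declared pixel bytes are present. */
    printf("truncated file loadable: %d\n", tga_is_loadable(SAMPLE_OK, TGA_HEADER_LEN + 4));
    printf("oversized header loadable: %d\n", tga_is_loadable(SAMPLE_HUGE, sizeof SAMPLE_HUGE));
    return 0;
}
```

The point of the example is the ordering: every length the file declares is checked against the buffer it came from before any allocation or copy happens, and the arithmetic that derives those lengths is itself guarded against wrap-around. A loader that does the copy first and checks afterwards, or that sizes its heap buffer from the header but copies based on the file length (or vice versa), is exactly where an overflow of this kind appears.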
Workaround
==========
Avoid opening TGA files from unknown sources in Krita until the fix is applied.
Solution
========
Update to the latest release of Krita 5.2.13 or apply
the following patch:
https://commits.kde.org/krita/6d3651ac4df88efb68e013d21061de9846e83fe8
Credits
=======
This issue was reported by Trend Micro.