CNNVD-202511-2899 Information

CNNVD ID

CNNVD-202511-2899

Related CVE

CVE-2025-59820

• CNNVD Published: 2025-11-26

Description (Chinese)

KDE Krita是KDE社区的一个数字绘画和动画软件。 KDE Krita 5.2.13之前版本存在安全漏洞，该漏洞源于加载特制TGA文件可能导致堆缓冲区溢出。

Description (English)

KDE Krita is a digital painting and animation software for the KDE community. The previous version of KDE Krita 5.2.13 had a security loophole, which originated from the loading of a special TGA file that could result in a spill over the buffer zone.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

KDE

Published

2025-11-26

Last Modified

2026-02-24

References

https://kde.org/info/security/advisory-20250929-1.txt https://invent.kde.org/graphics/krita/ https://invent.kde.org/graphics/krita/-/commit/6d3651ac4df88efb68e013d21061de9846e83fe8 https://vigilance.fr/vulnerability/KDE-Krita-buffer-overflow-via-plugins-impex-tga-kis-tga-import-cpp-48882

Patch

https://kde.org/zh-cn/