Home > Vulnerability Database > CVE-2025-59820

Mend.io Vulnerability Database

CVE-2025-59820

Good to know:

Date: November 25, 2025

In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import.cpp (aka KisTgaImport). Control flow proceeds even when a number of pixels becomes negative.

Severity Score

6.7

Related Resources (6)

Url: https://kde.org/info/security/advisory-20250929-1.txt

Url: https://invent.kde.org/graphics/krita/-/commit/6d3651ac4df88efb68e013d21061de9846e83fe8

Url: https://invent.kde.org/graphics/krita/

Url: https://lists.debian.org/debian-lts-announce/2025/12/msg00006.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-59820

Url: https://www.mend.io/vulnerability-database/CVE-2025-59820

Severity Score

6.7

Weakness Type (CWE)

Improper Validation of Specified Quantity in Input

CWE-1284

Top Fix

Upgrade Version

Upgrade to version https://invent.kde.org/graphics/krita.git - v5.2.13

Learn More

CVSS v3.1

Base Score:	6.7
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-59820

Good to know:

Date: November 25, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?