Medium severity6.7NVD Advisory· Published Nov 26, 2025· Updated Apr 15, 2026

CVE-2025-59820

Description

In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import.cpp (aka KisTgaImport). Control flow proceeds even when a number of pixels becomes negative.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

invent.kde.org/graphics/krita/nvd
invent.kde.org/graphics/krita/-/commit/6d3651ac4df88efb68e013d21061de9846e83fe8nvd
kde.org/info/security/advisory-20250929-1.txtnvd
lists.debian.org/debian-lts-announce/2025/12/msg00006.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.436
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000