CVE-2025-59820 Common Vulnerabilities and Exposures

Upstream information

CVE-2025-59820 at MITRE

Description

In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import.cpp (aka KisTgaImport). Control flow proceeds even when a number of pixels becomes negative.

Upstream Security Advisories:

https://www.zerodayinitiative.com/advisories/ZDI-25-972/

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having not set severity.

No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Tumbleweed	`krita >= 5.2.13-1.1` `krita-devel >= 5.2.13-1.1` `krita-lang >= 5.2.13-1.1`	Patchnames: openSUSE-Tumbleweed-2025-15577

SUSE Timeline for this CVE

CVE page created: Fri Sep 26 01:34:42 2025
CVE page last modified: Wed Nov 26 18:41:29 2025