CVE-2025-59820 Common Vulnerabilities and Exposures

Upstream information

CVE-2025-59820 at MITRE

Description

In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import.cpp (aka KisTgaImport). Control flow proceeds even when a number of pixels becomes negative.

Upstream Security Advisories:

https://www.zerodayinitiative.com/advisories/ZDI-25-972/

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v3 Scores
CVSS detail	CNA (MITRE)
Base Score	6.7
Vector	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
Attack Vector	Local
Attack Complexity	High
Privileges Required	None
User Interaction	None
Scope	Changed
Confidentiality Impact	Low
Integrity Impact	High
Availability Impact	None
CVSSv3 Version	3.1

No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Tumbleweed	`krita >= 5.2.13-1.1` `krita-devel >= 5.2.13-1.1` `krita-lang >= 5.2.13-1.1`	Patchnames: openSUSE-Tumbleweed-2025-15577

SUSE Timeline for this CVE

CVE page created: Fri Sep 26 01:34:42 2025
CVE page last modified: Tue May 12 17:36:14 2026