Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionGitHub Advisory
Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_data() that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG format declaration (f=100) whose payload exceeds twice the initial buffer capacity. The overflow is attacker-controlled in both length and content, causing DoS and potentially escalation to RCE itself. This issue has been fixed in version 0.47.0.
AnalysisAI
Heap buffer overflow in Kitty terminal versions 0.46.2 and below allows any process able to write to the terminal's standard input to crash the application and potentially achieve remote code execution. The flaw lives in load_image_data() and is triggered by a single APC graphics protocol command declaring PNG format (f=100) with a payload exceeding twice the initial buffer capacity, giving the attacker control over both overflow length and content. No public exploit identified at time of analysis, but the vulnerability has been fixed upstream in version 0.47.0.
Technical ContextAI
Kitty is a GPU-accelerated, cross-platform terminal emulator written in C (cpe:2.3:a:kovidgoyal:kitty) that implements its own graphics protocol using APC (Application Program Command) escape sequences. The protocol lets clients embed images directly inside terminal output, with the f=100 parameter signaling that the payload is PNG-encoded image data. The vulnerability is a CWE-122 heap-based buffer overflow inside load_image_data(): the routine reserves an initial heap buffer for the decoded image but fails to bound subsequent payload chunks, so a payload larger than twice the initial capacity overruns the allocation. Because the bytes written come straight from the attacker's APC command, both the size and content of the overwrite are attacker-controlled, which is exactly the precondition for heap corruption escalation. The upstream fix commit (e9661f0) also widens related dimension variables in handle_compose_command from unsigned int to uint64_t to prevent integer overflow during validity checks, indicating tightening across the graphics command path.
RemediationAI
Vendor-released patch: upgrade Kitty to version 0.47.0 or later, available from the project's GitHub releases and referenced in advisory GHSA-j68c-v8x4-269g (https://github.com/kovidgoyal/kitty/security/advisories/GHSA-j68c-v8x4-269g). Until upgrade is possible, treat terminal stdin as an attack surface: avoid catting or paging untrusted files, log streams, or remote command output through Kitty; pipe untrusted output through filters that strip APC sequences (e.g., less with -R disabled, or wrap with cat -v) at the cost of losing legitimate inline graphics; and where feasible disable the graphics protocol via the allow_remote_control and graphics-related configuration to remove the affected code path, accepting the loss of icat/image preview functionality. SSH and tmux sessions that forward output from untrusted hosts should be considered exposure vectors and locked down accordingly.
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot
Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows r
The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code bec
KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insuffic
KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insuf
KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insuf
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code e
Heap memory corruption in Kitty cross-platform GPU terminal emulator (versions 0.46.2 and below) allows remote attackers
open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that ma
Remote code execution in Kitty terminal emulator versions prior to 0.47.0 allows any process or remote peer that can wri
Command injection in Kitty cross-platform GPU terminal emulator versions prior to 0.47.0 allows remote attackers to exec
Code injection in Kitty terminal emulator versions prior to 0.47.3 allows attacker-controlled bytes - including newline
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30964