Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
Lifecycle Timeline
3DescriptionGitHub Advisory
Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to Heap Buffer Over-Read/Write. An attacker who can write escape sequences to a kitty terminal (e.g., via a malicious file, SSH login banner, or piped content) can supply crafted x_offset/y_offset values that pass the bounds check after wrapping but cause massive out-of-bounds heap memory access in compose_rectangles(). No user interaction is required. No non-default configuration is required. The attacker only needs the ability to produce output in a kitty terminal window. This issue has been fixed in version 0.47.0.
AnalysisAI
Heap memory corruption in Kitty cross-platform GPU terminal emulator (versions 0.46.2 and below) allows remote attackers to trigger out-of-bounds heap reads and writes by emitting crafted graphics protocol escape sequences. The flaw stems from a 32-bit integer overflow in handle_compose_command() that lets malicious x_offset/y_offset values bypass bounds checks. No public exploit identified at time of analysis, but the bug requires no user interaction, no authentication, and works against default configurations whenever attacker-controlled bytes can reach the terminal - including via SSH banners, cat'd files, or piped output.
Technical ContextAI
Kitty is a widely deployed GPU-accelerated terminal emulator written in C by Kovid Goyal (CPE cpe:2.3:a:kovidgoyal:kitty). The vulnerability is in kitty/graphics.c, specifically the handle_compose_command() routine of Kitty's proprietary graphics protocol that lets terminals render bitmap images via escape sequences. Per CWE-190 (Integer Overflow or Wraparound), the original code declared width, height, dest_x, dest_y, src_x, and src_y as 32-bit unsigned ints and combined them in arithmetic bounds checks. Because each component is itself a full 32-bit value, sums such as dest_x + width wrap around past UINT32_MAX, making the validity check pass even when the resulting region extends far outside the source/destination image buffers. The patched code (commit e9661f0f3afb) widens these locals to uint64_t so the addition cannot overflow during validation before reaching compose_rectangles().
RemediationAI
Vendor-released patch: upgrade to Kitty 0.47.0 or later, which widens the offset arithmetic to uint64_t (commit https://github.com/kovidgoyal/kitty/commit/e9661f0f3afb4e4dbffa509adfb3df3c9780ad34); the advisory is at https://github.com/kovidgoyal/kitty/security/advisories/GHSA-qfgm-2c64-6x3x. Where immediate upgrade is impossible, compensating controls include avoiding cat/less/tail on untrusted files (pipe through a sanitizer such as cat -v or strings which strips control bytes), disabling automatic display of SSH banners by setting LogLevel QUIET / using ssh -q, and configuring tooling to filter or escape the Kitty graphics-protocol introducer (ESC _G ... ESC \) before content reaches the terminal; the trade-off is loss of legitimate inline-image features (icat, image previews in file managers, terminal-rendered plots) until patched.
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot
Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows r
The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code bec
KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insuffic
KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insuf
KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insuf
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code e
open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that ma
Remote code execution in Kitty terminal emulator versions prior to 0.47.0 allows any process or remote peer that can wri
Heap buffer overflow in Kitty terminal versions 0.46.2 and below allows any process able to write to the terminal's stan
Command injection in Kitty cross-platform GPU terminal emulator versions prior to 0.47.0 allows remote attackers to exec
Code injection in Kitty terminal emulator versions prior to 0.47.3 allows attacker-controlled bytes - including newline
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30968