CVE-2020-35605

Published: 21 December 2020

The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package: kitty (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Does not exist
focal      Released (0.15.0-1ubuntu0.2)
groovy     Ignored (reached end-of-life)
hirsute    Ignored (reached end-of-life)
impish     Ignored (reached end-of-life)
jammy      Not vulnerable (0.21.2-1build1)
kinetic    Not vulnerable (0.21.2-1build1)
precise    Does not exist
trusty     Does not exist
upstream   Released (0.19.3)
xenial     Does not exist

Patches:
upstream: https://github.com/kovidgoyal/kitty/commit/82c137878c2b99100a3cdc1c0f0efea069313901