VulnerableCode Package Details - pkg:deb/debian/kitty@0.9.2-2.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/kitty@0.9.2-2.1

Essentials
History (3)

purl	pkg:deb/debian/kitty@0.9.2-2.1

Next non-vulnerable version	0.41.1-2
Latest non-vulnerable version	0.41.1-2
Risk	3.5

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-56by-s8qc-2fd3 Aliases: CVE-2020-35605	The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.	0.13.3-1+deb10u1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 0.19.3-1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-jkr3-br86-cuda Aliases: CVE-2022-41322	In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.	0.26.5-5 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-56by-s8qc-2fd3
Aliases:
CVE-2020-35605

The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.

0.13.3-1+deb10u1
Affected by 2 other vulnerabilities.

0.19.3-1
Affected by 2 other vulnerabilities.

VCID-jkr3-br86-cuda
Aliases:
CVE-2022-41322

In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.

0.26.5-5
Affected by 3 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T06:53:29.155689+00:00	Debian Oval Importer	Affected by	VCID-jkr3-br86-cuda	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-05T23:52:22.984038+00:00	Debian Oval Importer	Affected by	VCID-56by-s8qc-2fd3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-05T23:27:00.103633+00:00	Debian Oval Importer	Affected by	VCID-56by-s8qc-2fd3	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.6.0