NIXPKGS-2026-1693

GitHub issue published on

Permalink CVE-2026-33633

7.5 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 2 days, 12 hours ago by @LeSuisse Activity log

Created suggestion 3 days, 17 hours ago
@LeSuisse ignored
9 packages
- kittysay
- kitty-img
- kitty-themes
- kittycad-kcl-lsp
- mailman-hyperkitty
- haskellPackages.discokitty
- mailmanPackages.hyperkitty
- mailmanPackages.mailman-hyperkitty
- vimPlugins.nvim-treesitter-parsers.kitty
2 days, 12 hours ago
@LeSuisse accepted 2 days, 12 hours ago
@LeSuisse published on GitHub 2 days, 12 hours ago

Kitty has a Heap Buffer Overflow in its Graphics Protocol Handler

Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_data() that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG format declaration (f=100) whose payload exceeds twice the initial buffer capacity. The overflow is attacker-controlled in both length and content, causing DoS and potentially escalation to RCE itself. This issue has been fixed in version 0.47.0.

References

https://github.com/kovidgoyal/kitty/security/advisories/GHSA-j68c-v8x4-269g exploitx_refsource_CONFIRM
https://github.com/kovidgoyal/kitty/commit/e9661f0f3afb4e4dbffa509adfb3df3c9780ad34 x_refsource_MISC

Affected products

kitty

==< 0.47.0

Matching in nixpkgs

pkgs.kitty

Fast, feature-rich, GPU based terminal emulator

nixos-unstable 0.46.2
- nixpkgs-unstable 0.46.2
- nixos-unstable-small 0.46.2
nixos-25.11 0.44.0
- nixos-25.11-small 0.44.0
- nixpkgs-25.11-darwin 0.44.0

Ignored packages (9)

pkgs.kittysay

Cowsay, but with a cute kitty :3

nixos-unstable 1.1.1
- nixpkgs-unstable 1.1.1
- nixos-unstable-small 1.1.1
nixos-25.11 0.8.0
- nixos-25.11-small 0.8.0
- nixpkgs-25.11-darwin 0.8.0

pkgs.kitty-img

Print images inline in kitty

nixos-unstable 1.1.0
- nixpkgs-unstable 1.1.0
- nixos-unstable-small 1.1.0
nixos-25.11 1.1.0
- nixos-25.11-small 1.1.0
- nixpkgs-25.11-darwin 1.1.0

pkgs.kitty-themes

Themes for the kitty terminal emulator

nixos-unstable 0-unstable-2026-03-31
- nixpkgs-unstable 0-unstable-2026-03-31
- nixos-unstable-small 0-unstable-2026-03-31
nixos-25.11 0-unstable-2025-10-24
- nixos-25.11-small 0-unstable-2025-10-24
- nixpkgs-25.11-darwin 0-unstable-2025-10-24

pkgs.kittycad-kcl-lsp

KittyCAD KCL language server

nixos-unstable 0.1.71
- nixpkgs-unstable 0.1.71
- nixos-unstable-small 0.1.71
nixos-25.11 0.1.71
- nixos-25.11-small 0.1.71
- nixpkgs-25.11-darwin 0.1.71

pkgs.mailman-hyperkitty

Mailman archiver plugin for HyperKitty

nixos-unstable 1.2.1
- nixpkgs-unstable 1.2.1
- nixos-unstable-small 1.2.1
nixos-25.11 1.2.1
- nixos-25.11-small 1.2.1
- nixpkgs-25.11-darwin 1.2.1

pkgs.haskellPackages.discokitty

DisCoCat implementation

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.11 0.1.0
- nixos-25.11-small 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.mailmanPackages.hyperkitty

Archiver for GNU Mailman v3

nixos-unstable 1.3.12
- nixpkgs-unstable 1.3.12
- nixos-unstable-small 1.3.12
nixos-25.11 1.3.12
- nixos-25.11-small 1.3.12
- nixpkgs-25.11-darwin 1.3.12

pkgs.mailmanPackages.mailman-hyperkitty