{"id":"USN-8442-1","summary":"kitty vulnerabilities","details":"It was discovered that kitty incorrectly handled certain image data. An\nattacker able to write to the terminal's input could possibly use this\nissue to cause kitty to crash, resulting in a denial of service, or\npossibly execute arbitrary code. (CVE-2026-33633)\n\nIt was discovered that kitty incorrectly handled certain graphics commands.\nAn attacker able to write escape sequences to a kitty terminal could\npossibly use this issue to cause kitty to crash, resulting in a denial of\nservice, or possibly execute arbitrary code. (CVE-2026-33642)","modified":"2026-06-18T00:44:22.082357624Z","published":"2026-06-17T15:37:12Z","related":["UBUNTU-CVE-2026-33633","UBUNTU-CVE-2026-33642"],"upstream":["UBUNTU-CVE-2026-33633","UBUNTU-CVE-2026-33642"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8442-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-33633"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-33642"}],"affected":[{"package":{"name":"kitty","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/kitty?arch=source&distro=esm-apps%2Ffocal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.15.0-1ubuntu0.2+esm1"}]}],"versions":["0.14.3-1","0.14.4-1","0.14.6-1","0.15.0-1","0.15.0-1build1","0.15.0-1ubuntu0.2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"0.15.0-1ubuntu0.2+esm1","binary_name":"kitty"},{"binary_version":"0.15.0-1ubuntu0.2+esm1","binary_name":"kitty-terminfo"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:20.04:LTS","cves":[{"id":"CVE-2026-33633","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-33642","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8442-1.json"}},{"package":{"name":"kitty","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/kitty?arch=source&distro=esm-apps%2Fjammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.21.2-1ubuntu0.22.04.1+esm1"}]}],"versions":["0.19.3-1","0.21.2-1","0.21.2-1build1","0.21.2-1ubuntu0.22.04.1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"0.21.2-1ubuntu0.22.04.1+esm1","binary_name":"kitty"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:22.04:LTS","cves":[{"id":"CVE-2026-33633","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-33642","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8442-1.json"}},{"package":{"name":"kitty","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/kitty?arch=source&distro=esm-apps%2Fnoble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.32.2-1ubuntu0.4+esm1"}]}],"versions":["0.26.5-3ubuntu2","0.26.5-5ubuntu1","0.31.0-3","0.31.0-4","0.32.2-1","0.32.2-1build2","0.32.2-1build3","0.32.2-1ubuntu0.1","0.32.2-1ubuntu0.2","0.32.2-1ubuntu0.3","0.32.2-1ubuntu0.4"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"0.32.2-1ubuntu0.4+esm1","binary_name":"kitty"},{"binary_version":"0.32.2-1ubuntu0.4+esm1","binary_name":"kitty-shell-integration"},{"binary_version":"0.32.2-1ubuntu0.4+esm1","binary_name":"kitty-terminfo"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:24.04:LTS","cves":[{"id":"CVE-2026-33633","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-33642","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8442-1.json"}},{"package":{"name":"kitty","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/kitty?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.41.1-2+deb13u1build0.25.10.1"}]}],"versions":["0.39.1-1","0.41.1-2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"0.41.1-2+deb13u1build0.25.10.1","binary_name":"kitty"},{"binary_version":"0.41.1-2+deb13u1build0.25.10.1","binary_name":"kitty-shell-integration"},{"binary_version":"0.41.1-2+deb13u1build0.25.10.1","binary_name":"kitty-terminfo"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:25.10","cves":[{"id":"CVE-2026-33633","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-33642","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8442-1.json"}},{"package":{"name":"kitty","ecosystem":"Ubuntu:Pro:26.04:LTS","purl":"pkg:deb/ubuntu/kitty?arch=source&distro=esm-apps%2Fresolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.45.0-1ubuntu0.1~esm1"}]}],"versions":["0.41.1-2","0.43.1-1","0.44.0-1","0.45.0-1","0.45.0-1build1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"0.45.0-1ubuntu0.1~esm1","binary_name":"kitty"},{"binary_version":"0.45.0-1ubuntu0.1~esm1","binary_name":"kitty-shell-integration"},{"binary_version":"0.45.0-1ubuntu0.1~esm1","binary_name":"kitty-terminfo"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:26.04:LTS","cves":[{"id":"CVE-2026-33633","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-33642","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8442-1.json"}}],"schema_version":"1.7.5"}