CVE-2026-33633 Overview
CVE-2026-33633 is a heap buffer overflow [CWE-122] in the load_image_data() function of Kitty, a cross-platform GPU-based terminal emulator. Versions 0.46.2 and below are affected. Any process that can write to the terminal's standard input can trigger the flaw by emitting a single Application Program Command (APC) graphics protocol sequence. The crafted command declares PNG format (f=100) and carries a payload exceeding twice the initial buffer capacity. The overflow is attacker-controlled in both length and content, producing immediate denial of service and creating potential for remote code execution. The maintainers released a fix in version 0.47.0.
Critical Impact
Attacker-controlled heap corruption via a single APC graphics command, leading to terminal crash and possible code execution in the user's session.
Affected Products
- Kitty terminal emulator versions 0.46.2 and earlier
- All platforms supported by Kitty (Linux, macOS)
- Fixed in Kitty version 0.47.0
Discovery Timeline
- 2026-05-19 - CVE-2026-33633 published to NVD
- 2026-05-19 - Last updated in NVD database
Technical Details for CVE-2026-33633
Vulnerability Analysis
The vulnerability resides in load_image_data(), the routine that parses graphics payloads delivered through Kitty's terminal graphics protocol. Kitty accepts inline images through APC escape sequences. When the f=100 parameter declares a PNG payload, the function allocates an initial heap buffer for the incoming data. If the payload size exceeds twice the initial buffer capacity, the function writes past the allocated region. The result is a heap buffer overflow classified under [CWE-122].
Because the terminal processes any byte stream written to its stdin, the attack surface includes log viewers, cat of attacker-controlled files, SSH banners, and any subprocess that emits text to the terminal. Exploitation requires only the ability to deliver bytes to the terminal display, not interactive access.
Root Cause
The root cause is missing bounds validation when expanding the destination buffer during PNG payload accumulation. The function assumes the payload fits within a growth factor that does not account for arbitrarily large APC payloads. Attacker-supplied length and content flow into the overflow, giving precise control over the bytes written beyond the buffer boundary.
Attack Vector
An attacker delivers a single APC graphics protocol command containing f=100 and a payload sized to exceed twice the initial buffer capacity. Delivery vectors include malicious files rendered with cat, crafted log entries, SSH MOTD banners, hostile web content rendered by terminal tools, or any pipe that an attacker can influence. The vulnerability described in the GHSA-j68c-v8x4-269g advisory results in immediate process termination and potential escalation to arbitrary code execution within the user context running Kitty. See the GitHub Security Advisory for protocol-level technical detail.
Detection Methods for CVE-2026-33633
Indicators of Compromise
- Unexpected Kitty process crashes correlated with terminal output from untrusted sources
- Core dumps from kitty showing faults in or near load_image_data()
- Files or network streams containing APC escape sequences with f=100 and oversized payloads
Detection Strategies
- Inspect terminal input streams for APC sequences (ESC _ G ... ESC \) carrying f=100 parameters with payload lengths far above typical PNG inline sizes
- Monitor for repeated SIGSEGV or SIGABRT terminations of the kitty binary across user sessions
- Correlate Kitty crashes with recent file reads, SSH logins, or log-tailing activity to identify the delivery channel
Monitoring Recommendations
- Collect crash telemetry and core dumps from developer and administrator workstations running Kitty
- Inventory installed Kitty versions across the fleet and flag any instance at or below 0.46.2
- Alert on outbound or inbound files containing large APC graphics payloads in security gateways that parse terminal traffic
How to Mitigate CVE-2026-33633
Immediate Actions Required
- Upgrade Kitty to version 0.47.0 or later on every endpoint where it is installed
- Restrict use of cat and similar commands against untrusted files until patching is complete
- Audit shell startup files, SSH banners, and log pipelines for attacker-influenced content
Patch Information
The maintainer fixed the overflow in commit e9661f0f3afb4e4dbffa509adfb3df3c9780ad34 and shipped the patch in Kitty 0.47.0. Review the GitHub Commit Update for the exact code change and the GitHub Security Advisory for vendor guidance.
Workarounds
- Disable the graphics protocol in Kitty configuration by setting an appropriate allow_remote_control and graphics policy until upgrade is possible
- Pipe untrusted content through filters that strip APC escape sequences before rendering in the terminal
- Avoid rendering untrusted binary files or remote logs directly in Kitty sessions on vulnerable versions
# Shell example: check the installed Kitty version, then upgrade
kitty --version
# Upgrade via the official installer (Linux and macOS)
curl -L https://sw.kovidgoyal.net/kitty/installer.sh | sh /dev/stdin
# Confirm the installed version is now 0.47.0 or later
kitty --version
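The following Python scanner is an added example written for this page; it is not code from the Kitty project or from the GHSA advisory. It serves two items above: the Detection Strategies entry that inspects input streams for APC sequences carrying f=100 with oversized payloads, and the Workarounds entry that strips APC sequences before content is rendered. The regular expression for the graphics APC framing (ESC _ G control ; payload ESC \), the 4096-byte default threshold, and the sample stream are assumptions and constructed data; the advisory does not state Kitty's internal buffer capacity, so the threshold is a tunable rather than a value taken from it.

```python
"""Scan a terminal byte stream for Kitty graphics-protocol APC commands, flag
the ones matching the CVE-2026-33633 pattern (f=100 with an oversized payload),
and strip APC sequences as a pre-rendering filter. Defensive example written
for this page; the sample stream and threshold below are constructed."""
import re
from dataclasses import dataclass

# Kitty graphics command framing: ESC _ G <control> ; <payload> ESC \
# <control> is comma-separated key=value pairs; the payload is optional base64.
APC_GRAPHICS = re.compile(rb"\x1b_G([^;\x1b]*)(?:;([^\x1b]*))?\x1b\\", re.DOTALL)
ANY_APC = re.compile(rb"\x1b_.*?\x1b\\", re.DOTALL)
UNTERMINATED_APC = re.compile(rb"\x1b_.*\Z", re.DOTALL)

PNG_FORMAT = 100
# Assumption: the advisory does not state the internal buffer capacity, so the
# threshold is a tunable. 4096 mirrors the protocol's documented per-chunk
# maximum; a single command carrying more than that is anomalous on its own.
DEFAULT_MAX_PAYLOAD = 4096


@dataclass(frozen=True)
class GraphicsCommand:
    offset: int       # byte offset of the ESC that opens the command
    control: dict     # parsed key=value pairs, e.g. {"a": "T", "f": "100"}
    payload_len: int  # number of bytes between ';' and ESC \


def parse_control(control: bytes) -> dict:
    """Split 'a=T,f=100,s=1' into a dict; items without '=' are ignored."""
    pairs = {}
    for item in control.split(b","):
        key, sep, value = item.partition(b"=")
        if sep:
            pairs[key.decode("ascii", "replace").strip()] = value.decode("ascii", "replace").strip()
    return pairs


def find_graphics_commands(data: bytes) -> list:
    """Locate every well-formed graphics APC command in the stream."""
    return [
        GraphicsCommand(m.start(), parse_control(m.group(1)), len(m.group(2) or b""))
        for m in APC_GRAPHICS.finditer(data)
    ]


def is_suspicious(cmd: GraphicsCommand, max_payload: int = DEFAULT_MAX_PAYLOAD) -> bool:
    """The advisory's trigger shape: PNG format declared and an oversized payload."""
    try:
        fmt = int(cmd.control.get("f", "32"))  # protocol default format is 32 (RGBA)
    except ValueError:
        return True  # a non-numeric format value is itself malformed; flag it
    return fmt == PNG_FORMAT and cmd.payload_len > max_payload


def scan(data: bytes, max_payload: int = DEFAULT_MAX_PAYLOAD) -> list:
    """Detection: return the commands that match the CVE-2026-33633 pattern."""
    return [c for c in find_graphics_commands(data) if is_suspicious(c, max_payload)]


def strip_apc(data: bytes) -> bytes:
    """Workaround filter: remove every APC sequence (graphics or otherwise)
    before the bytes reach the terminal, including one left unterminated."""
    cleaned = ANY_APC.sub(b"", data)
    return UNTERMINATED_APC.sub(b"", cleaned)


# Constructed sample stream: two benign commands and one matching the pattern.
SAMPLE_STREAM = (
    b"line one\n"
    + b"\x1b_Ga=T,f=100,s=1,v=1;" + b"A" * 64 + b"\x1b\\"      # small PNG: benign
    + b"line two\n"
    + b"\x1b_Ga=T,f=32,s=40,v=40;" + b"B" * 8000 + b"\x1b\\"   # large, but RGBA not PNG
    + b"\x1b_Ga=T,f=100;" + b"C" * 9000 + b"\x1b\\"             # oversized PNG payload
    + b"line three\n"
)

if __name__ == "__main__":
    for hit in scan(SAMPLE_STREAM):
        print(f"offset {hit.offset}: f={hit.control.get('f')} payload={hit.payload_len} bytes")
    print(strip_apc(SAMPLE_STREAM).decode())
```

Legitimate clients split large images across many commands with the chunking flag, each chunk bounded by the protocol's per-chunk limit, so flagging on the size of a single command rather than the total image keeps image-heavy tools from tripping the detector. When used as a streaming filter, buffer input until the closing ESC \ (or end of stream) before calling strip_apc, otherwise a sequence split across two reads would be removed only up to the read boundary.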
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.