Linuxsecurity
Critical Integer Overflow Vulnerability in Krita Affects Fedora 43 and 44
A critical integer overflow vulnerability, CVE-2026-42144, has been identified in Krita, affecting both Fedora 43 and Fedora 44. The flaw allows attackers to bypass memory guards during PNM size checks, potentially leading to arbitrary code execution. Fedora 44 has been updated to version 6.0.2.1 to address this issue, while Fedora 43 has been patched to version 5.2.16-2. The vulnerability was published on May 4, 2026, and has been confirmed in both versions of the software. Users are advised to upgrade their installations using the provided dnf commands. The flaw impacts systems running Krita, a popular open-source digital painting application. Immediate action is recommended to mitigate potential exploitation.
Key Points:
• CVE-2026-42144 is a critical integer overflow vulnerability in Krita.
• Affected systems include Fedora 43 and Fedora 44, with patches available.
• Users should upgrade to the latest versions to avoid potential exploitation.
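The summary above says an integer overflow lets a PNM size check be bypassed. The C example below is added here to illustrate that general bug class; it is not Krita's code and not taken from the advisory. It shows a size guard whose 32-bit product wraps next to an overflow-checked form. The function names, the 256 MiB cap and the width/height/channels header fields are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed upper bound on decoded image size (256 MiB); not from the page. */
#define MAX_IMAGE_BYTES (256u * 1024u * 1024u)

/* Weak form (hypothetical): the product is computed in 32 bits, so large
 * header values wrap modulo 2^32 and the wrapped result passes the guard. */
bool size_ok_unchecked(uint32_t width, uint32_t height, uint32_t channels)
{
    uint32_t bytes = width * height * channels; /* may wrap */
    return bytes <= MAX_IMAGE_BYTES;
}

/* Hardened form (hypothetical): reject zero dimensions and test each
 * multiplication against the cap by division before performing it. */
bool size_ok_checked(uint32_t width, uint32_t height, uint32_t channels,
                     size_t *out_bytes)
{
    const uint64_t limit = MAX_IMAGE_BYTES;

    if (width == 0 || height == 0 || channels == 0)
        return false;
    if (width > limit / height)          /* width * height would exceed cap */
        return false;
    uint64_t pixels = (uint64_t)width * height;
    if (pixels > limit / channels)       /* pixels * channels would exceed cap */
        return false;

    *out_bytes = (size_t)(pixels * channels);
    return true;
}

int main(void)
{
    /* Constructed header values: 65536 * 65536 * 1 == 2^32, wraps to 0. */
    uint32_t w = 65536u, h = 65536u, c = 1u;
    size_t n = 0;

    printf("unchecked guard accepts: %d\n", size_ok_unchecked(w, h, c));
    printf("checked guard accepts:   %d\n", size_ok_checked(w, h, c, &n));
    return 0;
}
```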