KiTTY versions 0.76.1.13 and below suffer from buffer overflows related to ANSI escape sequences. Two exploits are included as proof of concepts as well as a full documented breakdown of the issues.
1f71c297de8e15269afccee5fe50775bb9e2e1ea8407831ab9883313d3078f04
KiTTY versions 0.76.1.13 and below suffer from a command injection vulnerability when getting a remote file through scp. It appears to leverage an ANSI escape sequence issue which is quite an interesting vector of attack.
9f28adde33c5791a14e7705f8844a344ce30e9443338e16ab264e1393fd4e9a8