CVE-2026-40919
Received Received - Intake
Buffer Overflow in GIMP file-seattle-filmworks Plugin Causes DoS

Publication date: 2026-04-15

Last updated on: 2026-04-28

Assigner: Red Hat, Inc.

Description
A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service (DoS), leading to the plugin crashing and potentially impacting the stability of the GIMP application.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-15
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-04-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-40919
EUVD
EUVD-2026-23028
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
gimp gimp *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-40919 is a vulnerability in the GIMP application caused by a buffer overflow in the `file-seattle-filmworks` plugin.

This flaw can be triggered when a user opens a specially crafted Seattle Filmworks file.

A remote attacker could exploit this vulnerability to cause a denial of service (DoS), which crashes the plugin and may impact the stability of the entire GIMP application.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) condition.

If exploited, the `file-seattle-filmworks` plugin crashes, which can destabilize the GIMP application.

This could interrupt your work or processes that rely on GIMP, potentially causing loss of unsaved data or requiring application restarts.

Mitigation Strategies

To mitigate this vulnerability, avoid opening Seattle Filmworks files with the GIMP application until a patch or update addressing the buffer overflow in the `file-seattle-filmworks` plugin is available.

Monitor for updates from your Linux distribution or the GIMP project that fix this issue and apply them promptly.

Consider restricting user access to untrusted Seattle Filmworks files to reduce the risk of exploitation.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40919. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart