CVE-2026-40919
Buffer Overflow in GIMP file-seattle-filmworks Plugin Causes DoS
Publication date: 2026-04-15
Last updated on: 2026-04-28
Assigner: Red Hat, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| gimp | gimp | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-40919 is a vulnerability in the GIMP application caused by a buffer overflow in the `file-seattle-filmworks` plugin.
This flaw can be triggered when a user opens a specially crafted Seattle Filmworks file.
A remote attacker could exploit this vulnerability to cause a denial of service (DoS), which crashes the plugin and may impact the stability of the entire GIMP application.
How can this vulnerability impact me?
The primary impact of this vulnerability is a denial of service (DoS) condition.
If exploited, the `file-seattle-filmworks` plugin crashes, which can destabilize the GIMP application.
This could interrupt your work or processes that rely on GIMP, potentially causing loss of unsaved data or requiring application restarts.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid opening Seattle Filmworks files with the GIMP application until a patch or update addressing the buffer overflow in the `file-seattle-filmworks` plugin is available.
Monitor for updates from your Linux distribution or the GIMP project that fix this issue and apply them promptly.
Consider restricting user access to untrusted Seattle Filmworks files to reduce the risk of exploitation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.