CVE-2026-40919
Received Received - Intake

Buffer Overflow in GIMP file-seattle-filmworks Plugin Causes DoS

Vulnerability report for CVE-2026-40919, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-15

Last updated on: 2026-04-28

Assigner: Red Hat, Inc.

Description

A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service (DoS), leading to the plugin crashing and potentially impacting the stability of the GIMP application.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-15
Last Modified
2026-04-28
Generated
2026-07-06
AI Q&A
2026-04-16
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
gimp gimp *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-40919 is a vulnerability in the GIMP application caused by a buffer overflow in the `file-seattle-filmworks` plugin.

This flaw can be triggered when a user opens a specially crafted Seattle Filmworks file.

A remote attacker could exploit this vulnerability to cause a denial of service (DoS), which crashes the plugin and may impact the stability of the entire GIMP application.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) condition.

If exploited, the `file-seattle-filmworks` plugin crashes, which can destabilize the GIMP application.

This could interrupt your work or processes that rely on GIMP, potentially causing loss of unsaved data or requiring application restarts.

Mitigation Strategies

To mitigate this vulnerability, avoid opening Seattle Filmworks files with the GIMP application until a patch or update addressing the buffer overflow in the `file-seattle-filmworks` plugin is available.

Monitor for updates from your Linux distribution or the GIMP project that fix this issue and apply them promptly.

Consider restricting user access to untrusted Seattle Filmworks files to reduce the risk of exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40919. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart