Description
A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service (DoS), leading to the plugin crashing and potentially impacting the stability of the GIMP application.
Published: 2026-04-15
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

GIMP's file-seattle-filmworks plugin contains an out-of-bounds write bug. A specially crafted Seattle Filmworks (.sfw) file can overflow a buffer when opened, causing the plugin to crash. The crash leads to a denial of service, disrupting the stability of the GIMP application and potentially allowing a local attacker to interrupt graphical workflows.

Affected Systems

The vulnerability affects systems that run GIMP on Red Hat Enterprise Linux 6, 7, 8, and 9. All versions of GIMP that include the file-seattle-filmworks plugin prior to the published fix are vulnerable.

Risk and Exploitability

The flaw has a CVSS score of 6.1, indicating moderate risk. No EPSS score is available, and the vulnerability is not listed in CISA’s KEV catalog. An attacker must supply the malicious .sfw file and have it processed by a user running GIMP. It is therefore a local or remote threat that relies on user interaction. The lack of a public exploit means the probability of exploitation is currently unknown, but the buffer-overflow nature of the flaw warrants caution.

Generated by OpenCVE AI on April 15, 2026 at 22:08 UTC.

Remediation

Vendor Workaround

To mitigate this vulnerability, users should exercise caution and avoid opening untrusted Seattle Filmworks (.sfw) files with GIMP. Processing untrusted files can trigger the buffer overflow, leading to a denial of service.


OpenCVE Recommended Actions

  • Update GIMP to the latest security-patched release that removes the buffer overflow in the Seattle Filmworks plugin.
  • Stop using or delete any untrusted .sfw files; do not open them with GIMP.
  • Employ a sandbox or virtualization environment when opening unknown files to isolate the GIMP process from the rest of the system.

Generated by OpenCVE AI on April 15, 2026 at 22:08 UTC.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 09:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Gimp; Gimp gimp
Vendors & Products | | Gimp; Gimp gimp

Thu, 16 Apr 2026 00:15:00 +0000

Type | Values Removed | Values Added
References | |
Metrics | threat_severity: None | threat_severity: Moderate


Wed, 15 Apr 2026 21:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 15 Apr 2026 19:30:00 +0000

Type | Values Removed | Values Added
Description | | A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service (DoS), leading to the plugin crashing and potentially impacting the stability of the GIMP application.
Title | | Gimp: gimp: denial of service via specially crafted seattle filmworks file
First Time appeared | | Redhat; Redhat enterprise Linux
Weaknesses | | CWE-787
CPEs | | cpe:/o:redhat:enterprise_linux:6; cpe:/o:redhat:enterprise_linux:7; cpe:/o:redhat:enterprise_linux:8; cpe:/o:redhat:enterprise_linux:9
Vendors & Products | | Redhat; Redhat enterprise Linux
References | |
Metrics | | cvssV3_1: {'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-15T20:01:40.521Z

Reserved: 2026-04-15T18:38:30.106Z

Link: CVE-2026-40919

Vulnrichment

Updated: 2026-04-15T19:36:23.099Z

NVD

Status: Awaiting Analysis

Published: 2026-04-15T20:16:37.430

Modified: 2026-04-17T15:08:01.337

Link: CVE-2026-40919

Redhat

Severity: Moderate

Public Date: 2026-04-15T18:41:37Z

Links: CVE-2026-40919 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-16T09:12:16Z

Weaknesses