{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40919", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-04-15T18:38:30.106Z", "datePublished": "2026-04-15T18:59:16.272Z", "dateUpdated": "2026-04-15T20:01:40.521Z"}, "containers": {"cna": {"title": "Gimp: gimp: denial of service via specially crafted seattle filmworks file", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service (DoS), leading to the plugin crashing and potentially impacting the stability of the GIMP application."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gimp", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gimp", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gimp:2.8/gimp", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gimp", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-40919", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458748", "name": "RHBZ#2458748", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-04-15T18:41:37.993Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-787: Out-of-bounds Write", "workarounds": [{"lang": "en", "value": "To mitigate this vulnerability, users should exercise caution and avoid opening untrusted Seattle Filmworks (.sfw) files with GIMP. Processing untrusted files can trigger the buffer overflow, leading to a denial of service."}], "timeline": [{"lang": "en", "time": "2026-04-15T18:35:03.656Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-15T18:41:37.993Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank chamalsl for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-15T18:59:16.272Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-15T19:36:14.875270Z", "id": "CVE-2026-40919", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T20:01:40.521Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40919", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-15T19:36:14.875270Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T19:36:23.099Z"}}], "cna": {"title": "Gimp: gimp: denial of service via specially crafted seattle filmworks file", "credits": [{"lang": "en", "value": "Red Hat would like to thank chamalsl for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "gimp", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "gimp", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "gimp:2.8/gimp", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "gimp", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2026-04-15T18:35:03.656Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-15T18:41:37.993Z", "value": "Made public."}], "datePublic": "2026-04-15T18:41:37.993Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-40919", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458748", "name": "RHBZ#2458748", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "To mitigate this vulnerability, users should exercise caution and avoid opening untrusted Seattle Filmworks (.sfw) files with GIMP. Processing untrusted files can trigger the buffer overflow, leading to a denial of service."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service (DoS), leading to the plugin crashing and potentially impacting the stability of the GIMP application."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-15T18:59:16.272Z"}, "x_redhatCweChain": "CWE-787: Out-of-bounds Write"}}, "cveMetadata": {"cveId": "CVE-2026-40919", "state": "PUBLISHED", "dateUpdated": "2026-04-15T20:01:40.521Z", "dateReserved": "2026-04-15T18:38:30.106Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-04-15T18:59:16.272Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service (DoS), leading to the plugin crashing and potentially impacting the stability of the GIMP application."}], "id": "CVE-2026-40919", "lastModified": "2026-04-15T20:16:37.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2026-04-15T20:16:37.430", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2026-40919"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458748"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank chamalsl for reporting this issue.", "bugzilla": {"description": "gimp: GIMP: Denial of Service via specially crafted Seattle Filmworks file", "id": "2458748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458748"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service (DoS), leading to the plugin crashing and potentially impacting the stability of the GIMP application."], "mitigation": {"lang": "en:us", "value": "To mitigate this vulnerability, users should exercise caution and avoid opening untrusted Seattle Filmworks (.sfw) files with GIMP. Processing untrusted files can trigger the buffer overflow, leading to a denial of service."}, "name": "CVE-2026-40919", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "gimp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "gimp", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "gimp:2.8/gimp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "gimp", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-15T18:41:37Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-40919\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-40919"], "statement": "This Moderate impact flaw in GIMP's `file-seattle-filmworks` plugin can lead to a denial of service. Exploitation requires a user to open a specially crafted Seattle Filmworks file. This could cause the GIMP application to crash, affecting its stability.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "gimp", "vendor": "gimp"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Red Hat Enterprise Linux 6", "source": "cna", "vendor": "Red Hat"}, "product": "enterprise_linux", "vendor": "redhat"}], "analysis": {"en": {"generated_at": "2026-04-15T22:08:30.848865+00:00", "value": {"mitigation_remediation": ["Update GIMP to the latest security\u2011patched release that removes the buffer\u2011overflow in the Seattle Filmworks plugin.", "Stop using or delete any untrusted .sfw files; do not open them with GIMP.", "Employ a sandbox or virtualization environment when opening unknown files to isolate the GIMP process from the rest of the system."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects systems that run GIMP on Red\u00a0Hat Enterprise\u00a0Linux\u00a06,\u202f7,\u202f8, and\u202f9. All versions of GIMP that include the file\u2011seattle\u2011filmworks plugin prior to the published fix are vulnerable.", "description_and_impact": "GIMP's file\u2011seattle\u2011filmworks plugin contains an out\u2011of\u2011bounds write bug. A specially crafted Seattle Filmworks (.sfw) file can overflow a buffer when opened, causing the plugin to crash. The crash leads to a denial of service, disrupting the stability of the GIMP application and potentially allowing a local attacker to interrupt graphical workflows.", "risk_and_exploitability": "The flaw has a CVSS score of 6.1, indicating moderate risk. No EPSS score is available, and the vulnerability is not listed in CISA\u2019s KEV catalog. An attacker must supply the malicious .sfw file and have it processed by a user running GIMP. It is therefore a local or remote threat that relies on user interaction. The lack of a public exploit means the probability of exploitation is currently unknown, but the buffer overflow nature warrants caution."}}}}, "created": "2026-04-15T22:15:15.707468+00:00", "updated": "2026-04-16T09:12:16.750663+00:00", "vendors": ["gimp", "gimp$PRODUCT$gimp", "redhat", "redhat$PRODUCT$enterprise_linux"]}