Multiple Vulnerabilities in LibTIFF Affect QT WebEngine, Texmaker, and GDAL
Severity: Medium (Score: 57.8)
Sources: Ubuntu
Keywords: webengine, texmaker, gdal, made, crash, programs, received
Severity indicators: vulnerability
Summary
Recent vulnerabilities have been discovered in QT WebEngine, Texmaker, and GDAL, all stemming from the vendored LibTIFF. These vulnerabilities allow attackers to potentially crash the applications, execute arbitrary code, or obtain sensitive information through specially crafted TIFF image metadata. The issues are classified as denial of service vulnerabilities, affecting users of these applications across various systems. Affected users are advised to update their systems to mitigate the risks associated with these vulnerabilities. The vulnerabilities were disclosed on May 28, 2026, and are part of a broader security advisory from Ubuntu. Users are encouraged to apply standard system updates to ensure protection. No specific CVEs have been mentioned in the articles.

Key Points:
- QT WebEngine, Texmaker, and GDAL are vulnerable due to issues in the vendored LibTIFF.
- Attackers can exploit these vulnerabilities to cause denial of service or execute arbitrary code.
- Users should update their systems to the latest package versions to mitigate risks.
Detailed Analysis
**Impact**

Users of QT WebEngine, Texmaker, and GDAL that incorporate the vendored LibTIFF library are affected globally. The vulnerabilities allow attackers to cause denial of service, access sensitive information, or execute arbitrary code, potentially disrupting business operations and compromising data confidentiality. The issues impact any system that processes malformed TIFF image metadata through these applications; no specific sectors or geographic limitations are detailed.

**Technical Details**

The vulnerabilities arise from improper memory handling in the vendored LibTIFF library when parsing malformed TIFF image metadata. Attackers can exploit this by supplying specially crafted TIFF files to trigger crashes or arbitrary code execution. No CVE identifiers or malware/tool names are provided. The attack vector is input-based exploitation targeting the parsing stage, corresponding to the execution and exploitation phases of the kill chain. No indicators of compromise (IOCs) are mentioned.

**Recommended Response**

Apply the latest security updates provided by Ubuntu for QT WebEngine, Texmaker, and GDAL to remediate the vulnerabilities; standard system updates will incorporate the necessary fixes. Monitor for unusual crashes or execution behavior related to TIFF file processing, and restrict untrusted TIFF input where possible. No additional detection signatures or configurations are specified in the available information.
Source articles (3)
- USN-8345-1: GDAL vulnerability — Ubuntu · 2026-05-28
  GDAL could be made to crash or run programs if it received specially crafted input. It was discovered that the vendored LibTIFF in GDAL incorrectly handled memory when parsing malformed TIFF image met…
- USN-8346-1: Texmaker vulnerabilities — Ubuntu · 2026-05-28
  Texmaker could be made to crash or run programs if it received specially crafted input. It was discovered that the vendored LibTIFF in Texmaker incorrectly handled memory when parsing malformed TIFF i…
- USN-8347-1: QT WebEngine vulnerability — Ubuntu · 2026-05-28
  QT WebEngine could be made to crash or run programs if it received specially crafted input. It was discovered that the vendored LibTIFF in QT WebEngine incorrectly handled memory when parsing malforme…
Timeline
- 2026-05-28 — Vulnerabilities disclosed in QT WebEngine: QT WebEngine was found to have vulnerabilities due to improper handling of TIFF metadata, allowing potential denial of service and code execution.
- 2026-05-28 — Vulnerabilities disclosed in Texmaker: Texmaker was reported to have similar vulnerabilities related to LibTIFF, potentially leading to crashes and arbitrary code execution.
- 2026-05-28 — Vulnerabilities disclosed in GDAL: GDAL also suffers from vulnerabilities due to LibTIFF, allowing for denial of service and sensitive information exposure.
Related entities
- Data Breach (Attack Type)
- DDoS (Attack Type)
- Denial of Service (Attack Type)
- Zero-day Exploit (Attack Type)
- CWE-120 - Classic Buffer Overflow (Cwe)
- CWE-200 - Exposure of Sensitive Information (Cwe)
- CWE-400 - Uncontrolled Resource Consumption (Cwe)
- T1203 - Exploitation for Client Execution (Mitre Attack)
- GDAL (Platform)
- LibTIFF (Platform)
- Texmaker (Platform)
- Ubuntu Pro (Platform)
- Ubuntu (Company)