Ubuntu alert USN-8347-1 (qtwebengine-opensource-src)
| From: | noreply+usn-bot--- via ubuntu-security-announce <ubuntu-security-announce@lists.ubuntu.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8347-1] QT WebEngine vulnerability | |
| Date: | Fri, 29 May 2026 18:29:49 +0000 | |
| Message-ID: | <E1wT1xt-0000Yp-7i@lists.ubuntu.com> | |
| Cc: | noreply+usn-bot@canonical.com |
========================================================================== Ubuntu Security Notice USN-8347-1 May 28, 2026 qtwebengine-opensource-src vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: QT WebEngine could be made to crash or run programs if it received specially crafted input. Software Description: - qtwebengine-opensource-src: QT application web browser engine Details: It was discovered that the vendored LibTIFF in QT WebEngine incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libqt5webengine-data 5.15.19+dfsg2-4ubuntu0.1~esm1 Available with Ubuntu Pro libqt5webengine5 5.15.19+dfsg2-4ubuntu0.1~esm1 Available with Ubuntu Pro libqt5webenginecore5 5.15.19+dfsg2-4ubuntu0.1~esm1 Available with Ubuntu Pro libqt5webenginewidgets5 5.15.19+dfsg2-4ubuntu0.1~esm1 Available with Ubuntu Pro qml-module-qtwebengine 5.15.19+dfsg2-4ubuntu0.1~esm1 Available with Ubuntu Pro qtwebengine5-dev 5.15.19+dfsg2-4ubuntu0.1~esm1 Available with Ubuntu Pro qtwebengine5-dev-tools 5.15.19+dfsg2-4ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 24.04 LTS libqt5pdf5 5.15.16+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro libqt5pdfwidgets5 5.15.16+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro libqt5webengine-data 5.15.16+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro libqt5webengine5 5.15.16+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro libqt5webenginecore5 5.15.16+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro libqt5webenginewidgets5 5.15.16+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro qml-module-qtquick-pdf 5.15.16+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro qml-module-qtwebengine 5.15.16+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro qt5-image-formats-plugin-pdf 5.15.16+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro qtpdf5-dev 5.15.16+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro qtwebengine5-dev 5.15.16+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro qtwebengine5-dev-tools 5.15.16+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro qtwebengine5-private-dev 5.15.16+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS libqt5pdf5 5.15.9+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro libqt5pdfwidgets5 5.15.9+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro libqt5webengine-data 5.15.9+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro libqt5webengine5 5.15.9+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro libqt5webenginecore5 5.15.9+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro libqt5webenginewidgets5 5.15.9+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro qml-module-qtquick-pdf 5.15.9+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro qml-module-qtwebengine 5.15.9+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro qt5-image-formats-plugin-pdf 5.15.9+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro qtpdf5-dev 5.15.9+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro qtwebengine5-dev 5.15.9+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro qtwebengine5-dev-tools 5.15.9+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS libqt5webengine-data 5.12.8+dfsg-0ubuntu1.1+esm1 Available with Ubuntu Pro libqt5webengine5 5.12.8+dfsg-0ubuntu1.1+esm1 Available with Ubuntu Pro libqt5webenginecore5 5.12.8+dfsg-0ubuntu1.1+esm1 Available with Ubuntu Pro libqt5webenginewidgets5 5.12.8+dfsg-0ubuntu1.1+esm1 Available with Ubuntu Pro qml-module-qtwebengine 5.12.8+dfsg-0ubuntu1.1+esm1 Available with Ubuntu Pro qtwebengine5-dev 5.12.8+dfsg-0ubuntu1.1+esm1 Available with Ubuntu Pro qtwebengine5-dev-tools 5.12.8+dfsg-0ubuntu1.1+esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS libqt5webengine-data 5.9.5+dfsg-0ubuntu2+esm1 Available with Ubuntu Pro libqt5webengine5 5.9.5+dfsg-0ubuntu2+esm1 Available with Ubuntu Pro libqt5webenginecore5 5.9.5+dfsg-0ubuntu2+esm1 Available with Ubuntu Pro libqt5webenginewidgets5 5.9.5+dfsg-0ubuntu2+esm1 Available with Ubuntu Pro qml-module-qtwebengine 5.9.5+dfsg-0ubuntu2+esm1 Available with Ubuntu Pro qtwebengine5-dev 5.9.5+dfsg-0ubuntu2+esm1 Available with Ubuntu Pro qtwebengine5-dev-tools 5.9.5+dfsg-0ubuntu2+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8347-1 CVE-2025-9900
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmoZ1BYACgkQcpJm3tlz hgFRXw/+JRdBhp1Pwulevs96L1HzYnykpW0O8XkG0ZE/GLugdcyd3RRKuzqa7eCN VnR5bOr0BxhMaS8YLI6b6EG6aRUsiOFFJlGF+uxFdGsoSAr4bK9nMkgh2e0tZHsE FsYHZ72+iPMrLXgWvq+4DhzTmqf6Z3IVi6W0ZFUpED2TMvrzYVkbj528vbJrzomS VCzBl5JnJd1lFnASNH8NVw2H6ZYfrMAZaZUd144VwZ4nNk0XAArxUVr13SWA6nDV Z2AE4diEanh0gLWMgrdM4zkLB6AYxytr2gOJmq82nGRjdXU84NiCyBDxR8PSWrGE 9VR/gHeoFyIFcjshlDOT+ANYZDsQM2qM8T8UDdingyswqVUSueR0r+S5E+IaCaku 4xaG1IvadSPKjPS+BcE7xbyV11uY/XH92JVFLSH3dl09YRHd3YRascbmo/cCbtnK +awejjEhOyeejLNQPTws8GF9dYt6DV8Qm3Dx30AwsCpxnqwqgScpXAQQ76GSXBHz /Fjil0qRkxsesVe2R/+5QiHsakDRbn54nOc9eY+XpidJa+Yc6NOx7ZUWTlhIFb1i ueUERqnoS8BrvZmezaGKEwX2w0yHrfYq4R0H9SBiI0ACkX/gOlhNfO4sNIEndXNZ TdahwfRE+bMomvKDxk/AAcizZUZxzcnos0YomIvno1vUnTyaAdg= =6KYB -----END PGP SIGNATURE-----