Home / mailingsPDF  

[USN-8345-1] GDAL vulnerability

Posted on 29 May 2026
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-8345-1
May 28, 2026

gdal vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

GDAL could be made to crash or run programs if it received specially
crafted input.

Software Description:
- gdal: Geospatial Data Abstraction Library

Details:

It was discovered that the vendored LibTIFF in GDAL incorrectly handled
memory when parsing malformed TIFF image metadata. An attacker could
possibly use this issue to cause a denial of service, obtain sensitive
information, or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
gdal-bin 1.11.3+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro
libgdal-dev 1.11.3+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro
libgdal-java 1.11.3+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro
libgdal-perl 1.11.3+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro
libgdal1i 1.11.3+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro
python-gdal 1.11.3+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro
python3-gdal 1.11.3+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 14.04 LTS
gdal-bin 1.10.1+dfsg-5ubuntu1+esm2
Available with Ubuntu Pro
libgdal-dev 1.10.1+dfsg-5ubuntu1+esm2
Available with Ubuntu Pro
libgdal-java 1.10.1+dfsg-5ubuntu1+esm2
Available with Ubuntu Pro
libgdal-perl 1.10.1+dfsg-5ubuntu1+esm2
Available with Ubuntu Pro
libgdal1h 1.10.1+dfsg-5ubuntu1+esm2
Available with Ubuntu Pro
python-gdal 1.10.1+dfsg-5ubuntu1+esm2
Available with Ubuntu Pro
python3-gdal 1.10.1+dfsg-5ubuntu1+esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8345-1
CVE-2025-9900

--===============0172856282710310987==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :