SecurityHome.eu [USN-8347-1] QT WebEngine vulnerability

Home / mailings PDF

[USN-8347-1] QT WebEngine vulnerability
Posted on 29 May 2026
Ubuntu Security
==========================================================================Ubuntu Security Notice USN-8347-1
May 28, 2026

qtwebengine-opensource-src vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

QT WebEngine could be made to crash or run programs if it received specially
crafted input.

Software Description:
- qtwebengine-opensource-src: QT application web browser engine

Details:

It was discovered that the vendored LibTIFF in QT WebEngine incorrectly
handled memory when parsing malformed TIFF image metadata. An attacker
could possibly use this issue to cause a denial of service, obtain
sensitive information, or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
libqt5webengine-data 5.15.19+dfsg2-4ubuntu0.1~esm1
Available with Ubuntu Pro
libqt5webengine5 5.15.19+dfsg2-4ubuntu0.1~esm1
Available with Ubuntu Pro
libqt5webenginecore5 5.15.19+dfsg2-4ubuntu0.1~esm1
Available with Ubuntu Pro
libqt5webenginewidgets5 5.15.19+dfsg2-4ubuntu0.1~esm1
Available with Ubuntu Pro
qml-module-qtwebengine 5.15.19+dfsg2-4ubuntu0.1~esm1
Available with Ubuntu Pro
qtwebengine5-dev 5.15.19+dfsg2-4ubuntu0.1~esm1
Available with Ubuntu Pro
qtwebengine5-dev-tools 5.15.19+dfsg2-4ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 24.04 LTS
libqt5pdf5 5.15.16+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro
libqt5pdfwidgets5 5.15.16+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro
libqt5webengine-data 5.15.16+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro
libqt5webengine5 5.15.16+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro
libqt5webenginecore5 5.15.16+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro
libqt5webenginewidgets5 5.15.16+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro
qml-module-qtquick-pdf 5.15.16+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro
qml-module-qtwebengine 5.15.16+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro
qt5-image-formats-plugin-pdf 5.15.16+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro
qtpdf5-dev 5.15.16+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro
qtwebengine5-dev 5.15.16+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro
qtwebengine5-dev-tools 5.15.16+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro
qtwebengine5-private-dev 5.15.16+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
libqt5pdf5 5.15.9+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
libqt5pdfwidgets5 5.15.9+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
libqt5webengine-data 5.15.9+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
libqt5webengine5 5.15.9+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
libqt5webenginecore5 5.15.9+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
libqt5webenginewidgets5 5.15.9+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
qml-module-qtquick-pdf 5.15.9+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
qml-module-qtwebengine 5.15.9+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
qt5-image-formats-plugin-pdf 5.15.9+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
qtpdf5-dev 5.15.9+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
qtwebengine5-dev 5.15.9+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
qtwebengine5-dev-tools 5.15.9+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
libqt5webengine-data 5.12.8+dfsg-0ubuntu1.1+esm1
Available with Ubuntu Pro
libqt5webengine5 5.12.8+dfsg-0ubuntu1.1+esm1
Available with Ubuntu Pro
libqt5webenginecore5 5.12.8+dfsg-0ubuntu1.1+esm1
Available with Ubuntu Pro
libqt5webenginewidgets5 5.12.8+dfsg-0ubuntu1.1+esm1
Available with Ubuntu Pro
qml-module-qtwebengine 5.12.8+dfsg-0ubuntu1.1+esm1
Available with Ubuntu Pro
qtwebengine5-dev 5.12.8+dfsg-0ubuntu1.1+esm1
Available with Ubuntu Pro
qtwebengine5-dev-tools 5.12.8+dfsg-0ubuntu1.1+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libqt5webengine-data 5.9.5+dfsg-0ubuntu2+esm1
Available with Ubuntu Pro
libqt5webengine5 5.9.5+dfsg-0ubuntu2+esm1
Available with Ubuntu Pro
libqt5webenginecore5 5.9.5+dfsg-0ubuntu2+esm1
Available with Ubuntu Pro
libqt5webenginewidgets5 5.9.5+dfsg-0ubuntu2+esm1
Available with Ubuntu Pro
qml-module-qtwebengine 5.9.5+dfsg-0ubuntu2+esm1
Available with Ubuntu Pro
qtwebengine5-dev 5.9.5+dfsg-0ubuntu2+esm1
Available with Ubuntu Pro
qtwebengine5-dev-tools 5.9.5+dfsg-0ubuntu2+esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8347-1
CVE-2025-9900

--===============1543227646536408756==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

TOP

Mailings :

Last 20

Exploits :

Last 20