Security News

Cybersecurity news aggregator


USN-8345-1: GDAL vulnerability

A memory handling flaw (CVE-2025-9900, CVSS 8.8 HIGH) in the LibTIFF library bundled with GDAL can be triggered by parsing malformed TIFF image metadata, potentially leading to denial of service, information disclosure, or arbitrary code execution. The vulnerability affects specific GDAL packages for Ubuntu 14.04 LTS and 16.04 LTS, as listed in the USN. A standard system update to the provided package versions will remediate the issue.

Ubuntu Security Notices: USN-8345-1

Publication date: 28 May 2026

Overview

GDAL could be made to crash or run programs if it received specially crafted input.

Releases: 16.04 LTS, 14.04 LTS

Packages

gdal - Geospatial Data Abstraction Library

Details

It was discovered that the vendored LibTIFF in GDAL incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code.

Update instructions

In general, a standard system update will make all the necessary changes. The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS (xenial)

gdal-bin – 1.11.3+dfsg-3ubuntu0.1~esm1
libgdal-dev – 1.11.3+dfsg-3ubuntu0.1~esm1
libgdal-java – 1.11.3+dfsg-3ubuntu0.1~esm1
libgdal-perl – 1.11.3+dfsg-3ubuntu0.1~esm1
libgdal1i – 1.11.3+dfsg-3ubuntu0.1~esm1
python-gdal – 1.11.3+dfsg-3ubuntu0.1~esm1
python3-gdal – 1.11.3+dfsg-3ubuntu0.1~esm1

Ubuntu 14.04 LTS (trusty), fix available with Ubuntu Pro via Legacy Support add-on

gdal-bin – 1.10.1+dfsg-5ubuntu1+esm2
libgdal-dev – 1.10.1+dfsg-5ubuntu1+esm2
libgdal-java – 1.10.1+dfsg-5ubuntu1+esm2
libgdal-perl – 1.10.1+dfsg-5ubuntu1+esm2
libgdal1h – 1.10.1+dfsg-5ubuntu1+esm2
python-gdal – 1.10.1+dfsg-5ubuntu1+esm2
python3-gdal – 1.10.1+dfsg-5ubuntu1+esm2

References

CVE-2025-9900

Related notices

USN-8347-1, USN-8346-1, USN-7783-1
