QwikSec

Security Database

CVE

CWE

Training

CVE-2024-13978

Published: Aug 1, 2025

Modified: Nov 3, 2025

PUBLISHED

CVSS v3.1

2.5

LOW

Description

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The patch is named 2ebfffb0e8836bfb1cd7d85c059cd285c59761a4. It is recommended to apply a patch to fix this issue.

Vendor	Product	Versions
n/a	LibTIFF	affected `4.0` affected `4.1` affected `4.2` affected `4.3` affected `4.4` +3 more versions

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

VDB-318355 | LibTIFF fax2ps tiff2pdf.c t2p_read_tiff_init null pointer dereference

vdb-entry

technical-description

VDB-318355 | CTI Indicators (IOB, IOC, IOA)

signature

permissions-required

Submit #624562 | LibTIFF v4.7.0 NULL Pointer Dereference

third-party-advisory

https://gitlab.com/libtiff/libtiff/-/issues/649

issue-tracking

https://gitlab.com/libtiff/libtiff/-/merge_requests/667

patch

https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4

patch

http://www.libtiff.org/

product

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.