Null Pointer Dereference in LibTIFF's Fax2PS Tool Affects Multiple Users
CVE-2024-13978

2 LOW

Key Information:

Vendor: LibTIFF

Status
Vendor
CVE Published: 1 August 2025

What is CVE-2024-13978?

A vulnerability in LibTIFF versions up to 4.7.0 affects the fax2ps component, specifically the t2p_read_tiff_init function, and can lead to a null pointer dereference. The attack is primarily local in nature, and exploitation is of high complexity. Although the attack is challenging to execute, it is critical for users of LibTIFF to apply the provided patches to keep their systems secure. Detailed information and the necessary patch can be found in the official repository.

Affected Version(s)

LibTIFF 4.0

LibTIFF 4.1

LibTIFF 4.2

CVSS V4

Score: 2
Severity: LOW
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

arthurx (VulDB User)