We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-13978

LibTIFF fax2ps tiff2pdf.c t2p_read_tiff_init null pointer dereference



Description

EN DE

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The patch is named 2ebfffb0e8836bfb1cd7d85c059cd285c59761a4. It is recommended to apply a patch to fix this issue.

In LibTIFF bis 4.7.0 wurde eine problematische Schwachstelle ausgemacht. Es geht um die Funktion t2p_read_tiff_init der Datei tools/tiff2pdf.c der Komponente fax2ps. Durch Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Die Komplexität eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Patch wird als 2ebfffb0e8836bfb1cd7d85c059cd285c59761a4 bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen.

Reserved 2025-07-30 | Published 2025-08-01 | Updated 2025-08-01 | Assigner VulDB


LOW: 2.0CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X
LOW: 2.5CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C
LOW: 2.5CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C
1.0AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C

Problem types

NULL Pointer Dereference

Denial of Service

Timeline

2025-07-30:Advisory disclosed
2025-07-30:VulDB entry created
2025-07-30:VulDB entry last update

Credits

arthurx (VulDB User) reporter

References

vuldb.com/?id.318355 (VDB-318355 | LibTIFF fax2ps tiff2pdf.c t2p_read_tiff_init null pointer dereference) vdb-entry technical-description

vuldb.com/?ctiid.318355 (VDB-318355 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.624562 (Submit #624562 | LibTIFF v4.7.0 NULL Pointer Dereference) third-party-advisory

gitlab.com/libtiff/libtiff/-/issues/649 issue-tracking

gitlab.com/libtiff/libtiff/-/merge_requests/667 patch

gitlab.com/...ommit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4 patch

www.libtiff.org/ product

cve.org (CVE-2024-13978)

nvd.nist.gov (CVE-2024-13978)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2024-13978

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.