Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-13978

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The patch is named 2ebfffb0e8836bfb1cd7d85c059cd285c59761a4. It is recommended to apply a patch to fix this issue.

Published

2025-08-01T22:15:25.320

Last Modified

2025-11-03T19:15:42.683

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 2.5 (LOW)

CVSSv2 Vector

AV:L/AC:H/Au:S/C:N/I:N/A:P

Access Vector: LOCAL
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

1.5

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-404
CWE-476

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	libtiff	libtiff	≤ 4.7.0	Yes

References

http://www.libtiff.org/ Product ([email protected])
https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4 Patch ([email protected])
https://gitlab.com/libtiff/libtiff/-/issues/649 Exploit, Issue Tracking, Vendor Advisory ([email protected])
https://gitlab.com/libtiff/libtiff/-/merge_requests/667 Product ([email protected])
https://vuldb.com/?ctiid.318355 Permissions Required, VDB Entry ([email protected])
https://vuldb.com/?id.318355 Third Party Advisory, VDB Entry ([email protected])
https://vuldb.com/?submit.624562 Third Party Advisory, VDB Entry ([email protected])
https://lists.debian.org/debian-lts-announce/2025/09/msg00031.html (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/libtiff/libtiff/-/issues/649 Exploit, Issue Tracking, Vendor Advisory (134c704f-9b21-4f2e-91b3-4a467353bcc0)