PT-2025-31698 · Libtiff+4 · Libtiff+4

Arthurx

Published

2025-08-01

Updated

2025-11-26

CVE-2024-13978

CVSS v3.1

2.5

Low

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions LibTIFF versions through 4.7.0

Description A vulnerability exists in LibTIFF due to a null pointer dereference in the t2p read tiff init function within the tools/tiff2pdf.c file of the fax2ps component. Exploitation requires local access and is considered difficult.

Recommendations Apply the patch 2ebfffb0e8836bfb1cd7d85c059cd285c59761a4 to resolve this issue.

Exploit

Fix

NULL Pointer Dereference

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-404

Related Identifiers

ALT-PU-2025-11161

ALT-PU-2025-11213

ALT-PU-2025-11483

ALT-PU-2025-11954

AZL-67256

AZL-67259

BDU:2025-13923

CVE-2024-13978

DLA-4315-1

ECHO-B9E1-8603-52CD

MGASA-2025-0252

OESA-2025-1978

OPENSUSE-SU-2025:15486-1

OPENSUSE-SU-2025:20049-1

SUSE-SU-2025:03348-1

SUSE-SU-2025:20971-1

SUSE-SU-2025:21009-1

SUSE-SU-2025:21032-1

SUSE-SU-2025:21037-1

SUSE-SU-2025_03348-1

SUSE-SU-2025_21009-1

Affected Products

Alt Linux

Debian

Libtiff

Red Os

Suse

PT-2025-31698 · Libtiff+4 · Libtiff+4

CVE-2024-13978

Weakness Enumeration

Related Identifiers

Affected Products

References · 70