CVE-2024-13978

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The patch is named 2ebfffb0e8836bfb1cd7d85c059cd285c59761a4. It is recommended to apply a patch to fix this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.5 LOW
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
VulDBCNA
2.5 LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
VendorProductVersion
libtifflibtiff
𝑥
≤ 4.7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tiff
bullseye
postponed
trixie
no-dsa
bookworm
no-dsa
bullseye (security)
vulnerable
bookworm (security)
vulnerable
forky
4.7.0-5
fixed
sid
4.7.0-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tiff
plucky
not-affected
noble
not-affected
jammy
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
not-affected
qtwebengine-opensource-src
plucky
needs-triage
noble
needs-triage
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
texmaker
plucky
needs-triage
noble
needs-triage
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
gdal
plucky
not-affected
noble
not-affected
jammy
not-affected
focal
not-affected
bionic
not-affected
xenial
needs-triage
trusty
needs-triage
neuron
plucky
not-affected
noble
not-affected
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
Common Weakness Enumeration
References
http://www.libtiff.org/
https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4
https://gitlab.com/libtiff/libtiff/-/issues/649
https://gitlab.com/libtiff/libtiff/-/merge_requests/667
https://vuldb.com/?ctiid.318355
https://vuldb.com/?id.318355
https://vuldb.com/?submit.624562
https://gitlab.com/libtiff/libtiff/-/issues/649