CVE-2024-13978— LibTIFF fax2ps tiff2pdf.c t2p_read_tiff_init null pointer dereference

CVSS 2.5 · Low EPSS 0.05% · P16 Updated Nov 04, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-13978

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

LibTIFF fax2ps tiff2pdf.c t2p_read_tiff_init null pointer dereference

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The patch is named 2ebfffb0e8836bfb1cd7d85c059cd285c59761a4. It is recommended to apply a patch to fix this issue.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

空指针解引用

Source: NVD (National Vulnerability Database)

Vulnerability Title

LibTIFF 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

LibTIFF是LibTIFF开源的一个读写TIFF（标签图像文件格式）文件的库。该库包含一些处理TIFF文件的命令行工具。 LibTIFF 4.7.0及之前版本存在安全漏洞，该漏洞源于t2p_read_tiff_init函数存在空指针取消引用问题。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	LibTIFF	4.0	-

II. Public POCs for CVE-2024-13978

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-13978

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2024-13978

Same Patch Batch · n/a · 2025-08-01 · 19 CVEs total

CVE-2025-51501		Microweber CMS 安全漏洞
CVE-2025-45150		LangChain-ChatGLM-Webui 安全漏洞
CVE-2025-45778		Language Sloth Web Application 安全漏洞
CVE-2025-54564		ChargePoint Home Flex 安全漏洞
CVE-2025-50869		Institute-of-Current-Students 安全漏洞
CVE-2025-50870		Institute-of-Current-Students 安全漏洞
CVE-2025-50868		CloudClassroom-PHP-Project 安全漏洞
CVE-2025-51502		Microweber CMS 安全漏洞
CVE-2025-51504		Microweber CMS 安全漏洞
CVE-2025-46018		Opay Mobile application 安全漏洞
CVE-2025-52361		AK-Nord USB-Server-LXL Firmware 安全漏洞
CVE-2025-52390		Saurus CMS Community Edition 安全漏洞
CVE-2025-50472		SWIFT 安全漏洞
CVE-2025-50460		SWIFT 安全漏洞
CVE-2019-19144		Quantum DXi6702 安全漏洞
CVE-2025-52327		Code-Projects Restaurant Order System 安全漏洞
CVE-2025-44139		Emlog Pro 安全漏洞
CVE-2025-45767		jose 安全漏洞

IV. Related Vulnerabilities

Same product: LibTIFF

Same vendor: n/a

Same weakness: CWE-476

V. Comments for CVE-2024-13978

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-13978— LibTIFF fax2ps tiff2pdf.c t2p_read_tiff_init null pointer dereference

I. Basic Information for CVE-2024-13978

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-13978

III. Intelligence Information for CVE-2024-13978

Same Patch Batch · n/a · 2025-08-01 · 19 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-13978

Leave a comment