CVE-2024-13978
BaseFortify
Publication date: 2025-08-01
Last updated on: 2025-11-03
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libtiff | libtiff | up to 4.7.0 (inclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in LibTIFF up to version 4.7.0, specifically in the function t2p_read_tiff_init within the fax2ps component. It causes a null pointer dereference, which can lead to a crash or unexpected behavior. The vulnerability requires local access to exploit and is considered difficult to exploit due to high attack complexity.
How can this vulnerability impact me?
Exploitation of this vulnerability can cause a null pointer dereference, potentially leading to application crashes or denial of service. Since the attack requires local access and is difficult to exploit, the impact is limited but could disrupt services relying on the affected LibTIFF component.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch named 2ebfffb0e8836bfb1cd7d85c059cd285c59761a4 to fix the issue in LibTIFF up to version 4.7.0. Since the vulnerability requires local access and has high attack complexity, ensure that only trusted users have local access and keep the software updated to the patched version.