CVE-2024-13978
Publication date 1 August 2025
Last updated 10 July 2026
Ubuntu priority
Cvss 3 Severity Score
Description
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The patch is named 2ebfffb0e8836bfb1cd7d85c059cd285c59761a4. It is recommended to apply a patch to fix this issue.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| qtwebengine-opensource-src | 26.04 LTS resolute |
Needs evaluation
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| texmaker | 26.04 LTS resolute |
Needs evaluation
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial | Ignored end of ESM support, was needs-triage | |
| gdal | 26.04 LTS resolute |
Not affected
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Ignored end of ESM support, was needs-triage | |
| 14.04 LTS trusty |
Needs evaluation
|
|
| neuron | 26.04 LTS resolute |
Not affected
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| tiff | 26.04 LTS resolute |
Fixed 4.7.0-3ubuntu2
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
Notes
Severity score breakdown
CVSS version:
Base score
2.0 · Low
Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Base score
2.5 · Low
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2024-13978
- https://gitlab.com/libtiff/libtiff/-/issues/649
- https://gitlab.com/libtiff/libtiff/-/issues/650
- https://gitlab.com/libtiff/libtiff/-/merge_requests/667
- https://gitlab.com/libtiff/libtiff/-/commit/7be20ccaab97455f192de0ac561ceda7cd9e12d1
- https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4
- http://www.libtiff.org/
- https://vuldb.com/?ctiid.318355
- https://vuldb.com/?id.318355
- https://vuldb.com/?submit.624562