CVE-2024-13978: 
Linux Debian vulnerability analysis and mitigation

A vulnerability was discovered in LibTIFF versions up to 4.7.0, identified as CVE-2024-13978. The issue affects the t2preadtiff_init function in the tools/tiff2pdf.c file, specifically within the fax2ps component. The vulnerability was disclosed on August 1, 2025, and involves a null pointer dereference condition (NVD, VulDB).

The vulnerability is characterized by a null pointer dereference in the t2preadtiff_init function located in tools/tiff2pdf.c. The CVSS v3.1 base score is 2.5 (Low), with a vector string of CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L. The attack requires local access and has high complexity. The vulnerability has been assigned CWE-404 (Improper Resource Shutdown or Release) and CWE-476 (NULL Pointer Dereference) classifications (NVD).

The vulnerability's impact is primarily limited to availability, with a low severity rating. When exploited, it can lead to reduced performance or interruptions in resource availability, though the attacker cannot completely deny service to legitimate users. There is no direct impact on confidentiality or integrity of the system (Snyk).

A patch has been released to address this vulnerability, identified by commit 2ebfffb0e8836bfb1cd7d85c059cd285c59761a4. It is recommended to apply this patch to affected systems. The fix addresses the null pointer dereference issue in the fax2ps component (LibTIFF Commit, LibTIFF Issue).