LibTIFF Null Pointer Dereference Vulnerability in Fax2ps Utility

Vulnerability

A null pointer dereference vulnerability exists in LibTIFF version 4.7.0 and prior. The issue is present in the 'fax2ps' utility, within the 't2p_read_tiff_init' function of 'tools/tiff2pdf.c'. It arises when the utility processes a malformed TIFF file: if the TIFFTAG_FAXFILLFUNC mechanism is active, the utility writes to a null output buffer, which leads to a segmentation fault and an application crash.

Impact

Exploitation of this vulnerability leads to a segmentation fault, causing a crash of the 'fax2ps' application.

Reproduction

The vulnerability can be reproduced by using a malformed TIFF file with the 'fax2ps' tool. After compiling LibTIFF with AddressSanitizer enabled, the 'fax2ps' command can be run with the malformed file as input. This will trigger the null pointer dereference, causing a segmentation fault.
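
As an added example (not part of the original advisory or of the LibTIFF project), the shell function below classifies how a given 'fax2ps' build reacts to one input file, separating an AddressSanitizer SEGV report from an uninstrumented segmentation fault and from a clean rejection. The binary path, the sample path and the availability of timeout(1) are assumptions.

```shell
#!/bin/sh
# Added example: classify how a fax2ps build handles one TIFF input.
# The binary path (FAX2PS_BIN) and the sample file are supplied by the caller.

# classify_fax2ps BIN FILE
# Prints one of: asan-segv, segv, abort, timeout, nonzero, ok
classify_fax2ps() {
    bin=$1
    sample=$2
    errlog=$(mktemp) || return 2
    status=0

    # fax2ps writes PostScript to stdout; only stderr and the exit status matter.
    # detect_leaks=0 keeps LeakSanitizer reports from turning a clean run into
    # a non-zero exit; uninstrumented builds ignore ASAN_OPTIONS entirely.
    ASAN_OPTIONS="${ASAN_OPTIONS:-detect_leaks=0}" \
        timeout 20 "$bin" "$sample" >/dev/null 2>"$errlog" || status=$?

    if grep -q 'AddressSanitizer: SEGV' "$errlog"; then
        verdict=asan-segv      # instrumented build reported the invalid access
    elif [ "$status" -eq 139 ]; then
        verdict=segv           # 128 + SIGSEGV (11): uninstrumented build crashed
    elif [ "$status" -eq 134 ]; then
        verdict=abort          # 128 + SIGABRT (6)
    elif [ "$status" -eq 124 ]; then
        verdict=timeout        # stopped by timeout(1)
    elif [ "$status" -ne 0 ]; then
        verdict=nonzero        # tool rejected the input without crashing
    else
        verdict=ok
    fi

    rm -f "$errlog"
    printf '%s\n' "$verdict"
}

# Direct use: FAX2PS_BIN=/path/to/build/tools/fax2ps sh check.sh sample.tif
if [ "$#" -ge 1 ]; then
    classify_fax2ps "${FAX2PS_BIN:-fax2ps}" "$1"
fi
```

A verdict of asan-segv or segv on a sample means the build under test still crashes on it; nonzero or ok means the input was handled without a crash.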

Remediation

Users are advised to update to the latest version of LibTIFF, where this vulnerability has been fixed.

Added: Aug 1, 2025, 10:22 PM
Updated: Aug 1, 2025, 10:22 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.