Lucene search

K
osvGoogleOSV:CVE-2021-29586
HistoryMay 14, 2021 - 8:15 p.m.

CVE-2021-29586

2021-05-1420:15:14
Google
osv.dev
7

0.0005 Low

EPSS

Percentile

17.9%

TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling ComputePaddingHeightWidth(https://github.com/tensorflow/tensorflow/blob/3f24ccd932546416ec906a02ddd183b48a1d2c83/tensorflow/lite/kernels/pooling.cc#L90). Since users can craft special models which will have params->stride_{height,width} be zero, this will result in a division by zero. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

0.0005 Low

EPSS

Percentile

17.9%