Tensorflow Security Vulnerabilities

CVE-2021-29524

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.raw_ops.Conv2DBackpropFilter. This is because the...

CVSS: 5.5 | AI Score: 5.5 | EPSS: 0.0004

2021-05-14 08:15 PM

CVE-2021-29530

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference by providing an invalid permutation to tf.raw_ops.SparseMatrixSparseCholesky. This is because the...

CVSS: 7.8 | AI Score: 7.6 | EPSS: 0.001

2021-05-14 08:15 PM

CVE-2021-29534

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.SparseConcat. This is because the...

CVSS: 5.5 | AI Score: 5.5 | EPSS: 0.0004

2021-05-14 08:15 PM

CVE-2021-29535

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedMul by passing in invalid thresholds for the quantization. This is because the...

CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.0005

2021-05-14 08:15 PM

CVE-2021-29611

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The...

CVSS: 5.5 | AI Score: 5.5 | EPSS: 0.0004

2021-05-14 08:15 PM

CVE-2021-29597

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the SpaceToBatchNd TFLite operator is vulnerable to a division by zero error. An attacker can craft a model such that one dimension of the block input is 0. Hence, the corresponding value in block_shape is....

CVSS: 7.8 | AI Score: 7.5 | EPSS: 0.0005

2021-05-14 08:15 PM

CVE-2021-29604

TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of hashtable lookup is vulnerable to a division by zero...

CVSS: 5.5 | AI Score: 5.5 | EPSS: 0.0004

2021-05-14 08:15 PM

CVE-2021-29614

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.io.decode_raw produces incorrect results and crashes the Python interpreter when combining fixed_length and wider datatypes. The implementation of the padded...

CVSS: 7.8 | AI Score: 7.6 | EPSS: 0.0005

2021-05-14 08:15 PM

CVE-2021-29618

TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to tf.transpose at the same time as passing conjugate=True argument results in a crash. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2,...

CVSS: 5.5 | AI Score: 5.5 | EPSS: 0.001

2021-05-14 08:15 PM

CVE-2021-29540

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow to occur in Conv2DBackpropFilter. This is because the...

CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.0005

2021-05-14 08:15 PM

CVE-2021-29544

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.QuantizeAndDequantizeV4Grad. This is because the...

CVSS: 5.5 | AI Score: 5.3 | EPSS: 0.0004

2021-05-14 08:15 PM

CVE-2021-29548

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.raw_ops.QuantizedBatchNormWithGlobalNormalization. This is because the...

CVSS: 5.5 | AI Score: 5.5 | EPSS: 0.0004

2021-05-14 08:15 PM

CVE-2021-29557

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.raw_ops.SparseMatMul. The division by 0 occurs deep in Eigen code because the b tensor is empty. The fix will be included in TensorFlow 2.5.0. We will also....

CVSS: 5.5 | AI Score: 5.5 | EPSS: 0.0004

2021-05-14 08:15 PM

CVE-2021-29558

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.raw_ops.SparseSplit. This is because the...

CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.0005

2021-05-14 08:15 PM

CVE-2021-29561

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from tf.raw_ops.LoadAndRemapMatrix. This is because the...

CVSS: 5.5 | AI Score: 5.5 | EPSS: 0.0004

2021-05-14 08:15 PM

CVE-2021-29565

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.raw_ops.SparseFillEmptyRows. This is because of missing...

CVSS: 5.5 | AI Score: 5.5 | EPSS: 0.0004

2021-05-14 08:15 PM

CVE-2021-29578

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow. The...

CVSS: 7.8 | AI Score: 7.7 | EPSS: 0.0005

2021-05-14 08:15 PM

CVE-2021-29579

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.MaxPoolGrad is vulnerable to a heap buffer overflow. The...

CVSS: 7.8 | AI Score: 6.3 | EPSS: 0.0005

2021-05-14 08:15 PM

CVE-2021-29582

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.raw_ops.Dequantize, an attacker can trigger a read from outside of bounds of heap allocated data. The...

CVSS: 7.1 | AI Score: 6.8 | EPSS: 0.0005

2021-05-14 08:15 PM

CVE-2021-29513

TensorFlow is an end-to-end open source platform for machine learning. Calling TF operations with tensors of non-numeric types when the operations expect numeric tensors result in null pointer dereferences. The conversion from Python array to C++...

CVSS: 7.8 | AI Score: 7.5 | EPSS: 0.0005

2021-05-14 08:15 PM

CVE-2021-29526

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.raw_ops.Conv2D. This is because the...

CVSS: 5.5 | AI Score: 5.5 | EPSS: 0.0004

2021-05-14 08:15 PM

CVE-2021-29528

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.raw_ops.QuantizedMul. This is because the...

CVSS: 5.5 | AI Score: 5.5 | EPSS: 0.0004

2021-05-14 08:15 PM

CVE-2021-29536

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedReshape by passing in invalid thresholds for the quantization. This is because the...

CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.0005

2021-05-14 08:15 PM

CVE-2021-29539

TensorFlow is an end-to-end open source platform for machine learning. Calling tf.raw_ops.ImmutableConst(https://www.tensorflow.org/api_docs/python/tf/raw_ops/ImmutableConst) with a dtype of tf.resource or tf.variant results in a segfault in the implementation as code assumes that the tensor...

CVSS: 5.5 | AI Score: 5.6 | EPSS: 0.0004

2021-05-14 08:15 PM

CVE-2021-29606

TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of...

CVSS: 7.8 | AI Score: 7.5 | EPSS: 0.0005

2021-05-14 08:15 PM

CVE-2021-29551

TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixTriangularSolve(https://github.com/tensorflow/tensorflow/blob/8cae746d8449c7dda5298327353d68613f16e798/tensorflow/core/kernels/linalg/matrix_triangular_solve_op_impl.h#L160-L240) fails to terminate...

CVSS: 5.5 | AI Score: 5.5 | EPSS: 0.001

2021-05-14 08:15 PM

CVE-2021-29553

TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in tf.raw_ops.QuantizeAndDequantizeV3. This is because the...

CVSS: 7.1 | AI Score: 6.9 | EPSS: 0.0005

2021-05-14 08:15 PM

CVE-2021-29562

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.raw_ops.IRFFT. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2,.....

CVSS: 5.5 | AI Score: 5.5 | EPSS: 0.0004

2021-05-14 08:15 PM

CVE-2021-29568

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to null pointer in tf.raw_ops.ParameterizedTruncatedNormal. This is because the...

CVSS: 7.8 | AI Score: 7.5 | EPSS: 0.0005

2021-05-14 08:15 PM

CVE-2021-29574

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.MaxPool3DGradGrad exhibits undefined behavior by dereferencing null pointers backing attacker-supplied empty tensors. The...

CVSS: 7.8 | AI Score: 7.5 | EPSS: 0.0005

2021-05-14 08:15 PM

CVE-2021-29541

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null pointer in tf.raw_ops.StringNGrams. This is because the...

CVSS: 5.5 | AI Score: 5.5 | EPSS: 0.0004

2021-05-14 08:15 PM

CVE-2021-29542

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow by passing crafted inputs to tf.raw_ops.StringNGrams. This is because the...

CVSS: 5.5 | AI Score: 5.7 | EPSS: 0.001

2021-05-14 08:15 PM

CVE-2021-29547

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in tf.raw_ops.QuantizedBatchNormWithGlobalNormalization. This is because the...

CVSS: 5.5 | AI Score: 5.5 | EPSS: 0.0004

2021-05-14 08:15 PM

CVE-2021-29607

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior (dereferencing null pointers) as well as write outside of bounds of heap allocated data. The...

CVSS: 7.8 | AI Score: 7.7 | EPSS: 0.001

2021-05-14 08:15 PM

CVE-2021-29554

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.raw_ops.DenseCountSparseOutput. This is because the...

CVSS: 5.5 | AI Score: 5.4 | EPSS: 0.0004

2021-05-14 07:15 PM

CVE-2021-29512

TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not specify a valid SparseTensor(https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read from....

CVSS: 7.8 | AI Score: 7.6 | EPSS: 0.0005

2021-05-14 07:15 PM

CVE-2020-26268

In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the...

CVSS: 4.4 | AI Score: 4.8 | EPSS: 0.0004

2020-12-10 11:15 PM

CVE-2020-26266

In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen.....

CVSS: 5.3 | AI Score: 5.5 | EPSS: 0.001

2020-12-10 11:15 PM

CVE-2020-26270

In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer....

CVSS: 3.3 | AI Score: 3.9 | EPSS: 0.0004

2020-12-10 11:15 PM

CVE-2020-26267

In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes......

CVSS: 7.8 | AI Score: 7.5 | EPSS: 0.0005

2020-12-10 11:15 PM

CVE-2020-26269

In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. There are multiple invariants and preconditions that are assumed by the parallel...

CVSS: 7.5 | AI Score: 7.3 | EPSS: 0.001

2020-12-10 11:15 PM

CVE-2020-26271

In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input slot of the dst...

CVSS: 3.3 | AI Score: 3.8 | EPSS: 0.0004

2020-12-10 10:15 PM

CVE-2020-15266

In Tensorflow before version 2.4.0, when the boxes argument of tf.image.crop_and_resize has a very large value, the CPU kernel implementation receives it as a C++ nan floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault. The issue is...

CVSS: 7.5 | AI Score: 7.1 | EPSS: 0.002

2020-10-21 09:15 PM

CVE-2020-15265

In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantize_and_dequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and.....

CVSS: 7.5 | AI Score: 7.1 | EPSS: 0.002

2020-10-21 09:15 PM

CVE-2020-15190

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the tf.raw_ops.Switch operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor....

CVSS: 5.3 | AI Score: 5.2 | EPSS: 0.002

2020-09-25 07:15 PM

CVE-2020-15196

In Tensorflow version 2.3.0, the SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. The check exists for DenseCountSparseOutput, where both tensors are fully specified. In the sparse and ragged count weights...

CVSS: 9.9 | AI Score: 9.2 | EPSS: 0.002

2020-09-25 07:15 PM

CVE-2020-15200

In Tensorflow before version 2.3.1, the RaggedCountSparseOutput implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the splits tensor generate a valid partitioning of the values tensor. Thus, the code sets...

CVSS: 5.9 | AI Score: 5.9 | EPSS: 0.003

2020-09-25 07:15 PM

CVE-2020-15205

In TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the data_splits argument of tf.raw_ops.StringNGrams lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory. In the linked code snippet, all the binary strings after....

CVSS: 9.8 | AI Score: 9.2 | EPSS: 0.002

2020-09-25 07:15 PM

CVE-2020-15210

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b...

CVSS: 6.5 | AI Score: 6.8 | EPSS: 0.002

2020-09-25 07:15 PM

CVE-2020-15214

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the...

CVSS: 8.1 | AI Score: 7.8 | EPSS: 0.003

2020-09-25 07:15 PM

Total number of security vulnerabilities: 428