Lucene search
+L

158 matches found

ptsecurity
ptsecurity
added 2021/05/14 12:0 a.m.3 views

PT-2021-18333 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier Description: Due to lack of validation in tf.raw...

7.1CVSS6.7AI score0.00198EPSS
Exploits1References13
ptsecurity
ptsecurity
added 2021/05/14 12:0 a.m.5 views

PT-2021-18295 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions 2.4.2 through 2.4.x and versions prior to 2.5.0 Description: An attacker can trigger a denial of service via a CHECK-fail in tf.raw ops.QuantizeAndDequantizeV4Grad. This is because the implementation does not validate the...

5.5CVSS6.8AI score0.0031EPSS
Exploits1References15
cnnvd
cnnvd
added 2021/05/14 12:0 a.m.6 views

TensorFlow 代码问题漏洞

Google TensorFlow is an end-to-end open source machine learning platform. A denial of service vulnerability exists in Google TensorFlow QuantizeAndDequantizeV4Grad. An attacker can exploit this vulnerability to cause a CHECK-failure denial of service...

5.5CVSS5.7AI score0.0031EPSS
Exploits1References5
pypa
pypa
added 2020/10/21 9:15 p.m.9 views

PYSEC-2020-138

In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantizeanddequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dimsize only does a DCHECK to validate the argument and th...

7.5CVSS6.8AI score0.00896EPSS
Exploits1References3Affected Software1
pypa
pypa
added 2020/10/21 9:15 p.m.10 views

PYSEC-2020-330

In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantizeanddequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dimsize only does a DCHECK to validate the argument and th...

7.5CVSS6.8AI score0.00896EPSS
Exploits1References3Affected Software1
pypa
pypa
added 2020/10/21 9:15 p.m.12 views

PYSEC-2020-295

In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantizeanddequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dimsize only does a DCHECK to validate the argument and th...

7.5CVSS6.8AI score0.00896EPSS
Exploits1References3Affected Software1
debiancve
debiancve
added 2020/10/21 8:20 p.m.8 views

CVE-2020-15265

In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantizeanddequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dimsize only does a DCHECK to validate the argument and th...

7.5CVSS6.8AI score0.00896EPSS
Exploits1
ptsecurity
ptsecurity
added 2020/10/21 12:0 a.m.5 views

PT-2020-14325 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.4.0 Description: The issue allows an attacker to pass an invalid axis value to tf.quantization.quantize and dequantize, resulting in accessing a dimension outside the rank of the input tensor in the C++ kernel...

7.5CVSS7.2AI score0.00896EPSS
Exploits1References14
ossfuzz
ossfuzz
added 2019/10/18 10:7 a.m.17 views

ffmpeg:ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer: Global-buffer-overflow in dequantize

Project: https://git.ffmpeg.org/ffmpeg.git Detailed Report: https://oss-fuzz.com/testcase?key=5641113058148352 Project: ffmpeg Fuzzing Engine: afl Fuzz Target: ffmpegAVCODECIDATRAC9fuzzer Job Type: aflasanffmpeg Platform Id: linux Crash Type: Global-buffer-overflow READ 4 Crash Address:...

6.8AI score
Exploits0Affected Software1
ossfuzz
ossfuzz
added 2019/08/08 4:37 p.m.20 views

ffmpeg/ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer: Global-buffer-overflow in dequantize

Project: https://git.ffmpeg.org/ffmpeg.git Detailed report: https://oss-fuzz.com/testcase?key=5648247961419776 Project: ffmpeg Fuzzer: aflffmpegAVCODECIDATRAC9fuzzer Fuzz target binary: ffmpegAVCODECIDATRAC9fuzzer Job Type: aflasanffmpeg Platform Id: linux Crash Type: Global-buffer-overflow READ ...

7AI score
Exploits0Affected Software1
osv
osv
added 2018/05/07 7:29 a.m.4 views

DEBIAN-CVE-2018-10778

Read access violation in the IIIdequantizesample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872 and CVE-2017-14409...

7.8CVSS7.5AI score0.0107EPSS
Exploits0References1
cnvd
cnvd
added 2017/09/19 12:0 a.m.4 views

MP3Gain mpglibDBL Buffer Overflow Vulnerability

MP3Gain is a MP3 file volume adjustment application. mpglibDBL is one of the MPEG file decoders. A buffer overflow vulnerability exists in the IIIdequantizesample of the layer3.c file of mpglibDBL in MP3Gain. A remote attacker could exploit this vulnerability to cause a denial of service or...

7.8CVSS7.8AI score0.01564EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2017/09/13 12:0 a.m.5 views

PT-2017-13452 · Mp3Gain · Mp3Gain +1

Name of the Vulnerable Software and Affected Versions: MP3Gain version 1.5.2 Description: A buffer overflow was discovered in the III dequantize sample function in layer3.c in mpglibDBL, which is used in MP3Gain. This issue causes an out-of-bounds write, potentially leading to remote denial of...

7.8CVSS8.1AI score0.01564EPSS
Exploits0References12
cnvd
cnvd
added 2017/06/27 12:0 a.m.6 views

LAME III_dequantize_sample function stack buffer overflow vulnerability

LAME is an open source MP3 audio compression software. A stack buffer overflow vulnerability exists in the LAME libmpgdecoder.a/mpglib/layer3.c/IIIdequantizesample function, which allows remote attackers to exploit the vulnerability by submitting a special file that induces the user to parse it,...

7.8CVSS7.3AI score0.0979EPSS
Exploits0References1
osv
osv
added 2017/06/25 7:29 p.m.2 views

DEBIAN-CVE-2017-9872

The IIIdequantizesample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file...

7.8CVSS7.8AI score0.0979EPSS
Exploits0References1
osv
osv
added 2017/06/25 7:29 p.m.9 views

UBUNTU-CVE-2017-9872

The IIIdequantizesample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file...

7.8CVSS7.5AI score0.0979EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2017/06/08 12:0 a.m.3 views

PT-2017-3783 · Lame +2 · Lame +2

Name of the Vulnerable Software and Affected Versions: LAME version 3.99.5 Description: The issue is related to a stack-based buffer overflow in the III dequantize sample function, which can be triggered by a crafted audio file. This can cause a denial of service, leading to an application crash...

9.8CVSS6.8AI score0.0979EPSS
Exploits12References84
osv
osv
added 2017/03/23 6:59 p.m.4 views

UBUNTU-CVE-2016-9397

The jpcdequantize function in jpcdec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service assertion failure via unspecified vectors...

7.5CVSS7.2AI score0.03588EPSS
Exploits0References4
Rows per page
Query Builder