158 matches found
PT-2021-18333 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier Description: Due to lack of validation in tf.raw...
PT-2021-18295 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions 2.4.2 through 2.4.x and versions prior to 2.5.0 Description: An attacker can trigger a denial of service via a CHECK-fail in tf.raw ops.QuantizeAndDequantizeV4Grad. This is because the implementation does not validate the...
TensorFlow 代码问题漏洞
Google TensorFlow is an end-to-end open source machine learning platform. A denial of service vulnerability exists in Google TensorFlow QuantizeAndDequantizeV4Grad. An attacker can exploit this vulnerability to cause a CHECK-failure denial of service...
PYSEC-2020-138
In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantizeanddequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dimsize only does a DCHECK to validate the argument and th...
PYSEC-2020-330
In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantizeanddequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dimsize only does a DCHECK to validate the argument and th...
PYSEC-2020-295
In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantizeanddequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dimsize only does a DCHECK to validate the argument and th...
CVE-2020-15265
In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantizeanddequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dimsize only does a DCHECK to validate the argument and th...
PT-2020-14325 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.4.0 Description: The issue allows an attacker to pass an invalid axis value to tf.quantization.quantize and dequantize, resulting in accessing a dimension outside the rank of the input tensor in the C++ kernel...
ffmpeg:ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer: Global-buffer-overflow in dequantize
Project: https://git.ffmpeg.org/ffmpeg.git Detailed Report: https://oss-fuzz.com/testcase?key=5641113058148352 Project: ffmpeg Fuzzing Engine: afl Fuzz Target: ffmpegAVCODECIDATRAC9fuzzer Job Type: aflasanffmpeg Platform Id: linux Crash Type: Global-buffer-overflow READ 4 Crash Address:...
ffmpeg/ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer: Global-buffer-overflow in dequantize
Project: https://git.ffmpeg.org/ffmpeg.git Detailed report: https://oss-fuzz.com/testcase?key=5648247961419776 Project: ffmpeg Fuzzer: aflffmpegAVCODECIDATRAC9fuzzer Fuzz target binary: ffmpegAVCODECIDATRAC9fuzzer Job Type: aflasanffmpeg Platform Id: linux Crash Type: Global-buffer-overflow READ ...
DEBIAN-CVE-2018-10778
Read access violation in the IIIdequantizesample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872 and CVE-2017-14409...
MP3Gain mpglibDBL Buffer Overflow Vulnerability
MP3Gain is a MP3 file volume adjustment application. mpglibDBL is one of the MPEG file decoders. A buffer overflow vulnerability exists in the IIIdequantizesample of the layer3.c file of mpglibDBL in MP3Gain. A remote attacker could exploit this vulnerability to cause a denial of service or...
PT-2017-13452 · Mp3Gain · Mp3Gain +1
Name of the Vulnerable Software and Affected Versions: MP3Gain version 1.5.2 Description: A buffer overflow was discovered in the III dequantize sample function in layer3.c in mpglibDBL, which is used in MP3Gain. This issue causes an out-of-bounds write, potentially leading to remote denial of...
LAME III_dequantize_sample function stack buffer overflow vulnerability
LAME is an open source MP3 audio compression software. A stack buffer overflow vulnerability exists in the LAME libmpgdecoder.a/mpglib/layer3.c/IIIdequantizesample function, which allows remote attackers to exploit the vulnerability by submitting a special file that induces the user to parse it,...
DEBIAN-CVE-2017-9872
The IIIdequantizesample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file...
UBUNTU-CVE-2017-9872
The IIIdequantizesample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact via a crafted audio file...
PT-2017-3783 · Lame +2 · Lame +2
Name of the Vulnerable Software and Affected Versions: LAME version 3.99.5 Description: The issue is related to a stack-based buffer overflow in the III dequantize sample function, which can be triggered by a crafted audio file. This can cause a denial of service, leading to an application crash...
UBUNTU-CVE-2016-9397
The jpcdequantize function in jpcdec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service assertion failure via unspecified vectors...