157 matches found
CVE-2022-21726
Tensorflow is an Open Source Machine Learning Framework. The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of...
TensorFlow vulnerable to heap out-of-buffer read in the QuantizeAndDequantize operation
...
BIT-TENSORFLOW-2022-21726 Out of bounds read in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of...
BIT-TENSORFLOW-2022-21727 Integer overflow in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of dimensions of the...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in QuantizedMatMulWithBiasAndDequantize with MKL enabled. PoC import tensorflow as tf func = tf.rawops.QuantizedMatMulWithBiasAndDequantize para='a': tf.constant138, dtype=tf.quint8, 'b': tf.constant4,...
AZL-35315 CVE-2023-25670 affecting package tensorflow for versions less than 2.11.1-1
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...
AZL-31214 CVE-2023-25670 affecting package tensorflow for versions less than 2.11.1-1
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...
Google TensorFlow 代码问题漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. A code issue vulnerability exists in TensorFlow version 2.12 prior to version 2.12.0 and version 2.11 prior to version 2.11.1, which stems from a zero error in MKL-enabled...
CVE-2023-25670
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...
GHSA-GW97-FF7C-9V96 TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation
Impact Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or RCE. When axis is larger than the dim of input, c-Diminput,axis goes out of bound. Same problem occurs in the QuantizeAndDequantizeV2/V3/V4/V4Gra...
GHSA-49RQ-HWC3-X77W TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize
Impact NPE in QuantizedMatMulWithBiasAndDequantize with MKL enable python import tensorflow as tf func = tf.rawops.QuantizedMatMulWithBiasAndDequantize para='a': tf.constant138, dtype=tf.quint8, 'b': tf.constant4, dtype=tf.qint8, 'bias': 31.81644630432129, 47.21876525878906, 109.95201110839844,...
PT-2023-20229
Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.12.0 TensorFlow versions prior to 2.11.1 Description TensorFlow is an open source platform for machine learning. Attackers using TensorFlow can access heap memory which is not in the control of the user, leading ...
SUSE CVE-2016-9397
The jpcdequantize function in jpcdec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service assertion failure via unspecified vectors...
SUSE CVE-2018-10778
Read access violation in the IIIdequantizesample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872 and CVE-2017-14409...
SUSE CVE-2021-29544
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.QuantizeAndDequantizeV4Grad. This is because the implementation does not validate the rank of the input tensors. In turn, this results in the tensors...
SUSE CVE-2021-29553
TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in tf.rawops.QuantizeAndDequantizeV3. This is because the...
SUSE CVE-2021-29582
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.Dequantize, an attacker can trigger a read from outside of bounds of heap allocated data. The...
SUSE CVE-2021-29610
TensorFlow is an end-to-end open source platform for machine learning. The validation in tf.rawops.QuantizeAndDequantizeV2 allows invalid values for axis argument:. The...
SUSE CVE-2021-34085
Read access violation in the IIIdequantizesample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872. CVE-2017-14409, and...
SUSE CVE-2021-37645
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on thi...