7041 matches found
Design/Logic Flaw
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.QuantizedConv2D. This is because the...
Design/Logic Flaw
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.QuantizedBatchNormWithGlobalNormalization. This is because the...
PYSEC-2021-214
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.AvgPool3DGrad is vulnerable to a heap buffer overflow. The...
PYSEC-2021-513
TensorFlow is an end-to-end open source platform for machine learning. The TFLite computation for size of output after padding, ComputeOutSizehttps://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.hL43-L55, does not check that the...
PYSEC-2021-467
TensorFlow is an end-to-end open source platform for machine learning. Calling tf.rawops.ImmutableConsthttps://www.tensorflow.org/apidocs/python/tf/rawops/ImmutableConst with a dtype of tf.resource or tf.variant results in a segfault in the implementation as code assumes that the tensor contents...
PYSEC-2021-505
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.AvgPool3DGrad is vulnerable to a heap buffer overflow. The...
PYSEC-2021-542
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.io.decoderaw produces incorrect results and crashes the Python interpreter when combining fixedlength and wider datatypes. The implementation of the padded...
PYSEC-2021-509
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.CTCBeamSearchDecoder, an attacker can trigger denial of service via segmentation faults. The...
PYSEC-2021-455
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.QuantizedConv2D. This is because the...
PYSEC-2021-514
TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling...
PYSEC-2021-446
TensorFlow is an end-to-end open source platform for machine learning. In eager mode default in TF 2.0 and later, session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer dereference. The...
PYSEC-2021-463
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedMul by passing in invalid thresholds for the quantization. This is because the...
PYSEC-2021-536
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.RaggedTensorToTensor, an attacker can exploit an undefined behavior if input arguments are empty. The...
PYSEC-2021-442
TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not specify a valid SparseTensorhttps://www.tensorflow.org/apidocs/python/tf/sparse/SparseTensor, then an attacker can trigger a heap buffer overflow. This will cause a read from...
PYSEC-2021-466
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a division by zero to occur in Conv2DBackpropFilter. This is because the...
PYSEC-2021-523
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthToSpace TFLite operator is vulnerable to a division by zero...
PYSEC-2021-526
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the SVDF TFLite operator is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/7f283ff806b2031f407db64c4d3edcda8fb9f9f5/tensorflow/lite/kernels/svdf.ccL99-L102. An attacke...
PYSEC-2021-441
TensorFlow is an end-to-end open source platform for machine learning. Calling TF operations with tensors of non-numeric types when the operations expect numeric tensors result in null pointer dereferences. The conversion from Python array to C++...
PYSEC-2021-469
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null pointer in tf.rawops.StringNGrams. This is because the...
PYSEC-2021-510
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.Dequantize, an attacker can trigger a read from outside of bounds of heap allocated data. The...