7040 matches found
PYSEC-2021-442
TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not specify a valid SparseTensorhttps://www.tensorflow.org/apidocs/python/tf/sparse/SparseTensor, then an attacker can trigger a heap buffer overflow. This will cause a read from...
PYSEC-2021-456
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.QuantizedMul. This is because the...
PYSEC-2021-470
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow by passing crafted inputs to tf.rawops.StringNGrams. This is because the...
PYSEC-2021-471
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.CTCGreedyDecoder. This is because the...
PYSEC-2021-445
TensorFlow is an end-to-end open source platform for machine learning. A malicious user could trigger a division by 0 in Conv3D implementation. The implementationhttps://github.com/tensorflow/tensorflow/blob/42033603003965bffac51ae171b51801565e002d/tensorflow/core/kernels/convops3d.ccL143-L145 do...
PYSEC-2021-544
TensorFlow is an end-to-end open source platform for machine learning. The implementation of TrySimplifyhttps://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmeticoptimizer.ccL390-L401 has undefined behavior due to...
PYSEC-2021-537
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...
PYSEC-2021-510
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.Dequantize, an attacker can trigger a read from outside of bounds of heap allocated data. The...
PYSEC-2021-547
TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments e.g., discovered via fuzzing to tf.rawops.SparseCountSparseOutput results in segfault. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow...
PYSEC-2021-514
TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling...
PYSEC-2021-481
TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in tf.rawops.QuantizeAndDequantizeV3. This is because the...
PYSEC-2021-461
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK failure by passing an empty image to tf.rawops.DrawBoundingBoxes. This is because the...
PYSEC-2021-469
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null pointer in tf.rawops.StringNGrams. This is because the...
PYSEC-2021-463
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedMul by passing in invalid thresholds for the quantization. This is because the...
PYSEC-2021-475
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in tf.rawops.QuantizedBatchNormWithGlobalNormalization. This is because the...
PYSEC-2021-524
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the EmbeddingLookup TFLite operator is vulnerable to a division by zero...
PYSEC-2021-505
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.AvgPool3DGrad is vulnerable to a heap buffer overflow. The...
PYSEC-2021-214
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.AvgPool3DGrad is vulnerable to a heap buffer overflow. The...
PYSEC-2021-443
TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixDiag operationshttps://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrixdiagop.ccL195-L197 does not validate that the tensor...
PYSEC-2021-485
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.SparseMatMul. The division by 0 occurs deep in Eigen code because the b tensor is empty. The fix will be included in TensorFlow 2.5.0. We will also...