7041 matches found
PYSEC-2021-452
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.raw_ops.Conv2DBackpropFilter. This is because the...
PYSEC-2021-444
TensorFlow is an end-to-end open source platform for machine learning. Calling tf.raw_ops.RaggedTensorToVariant with arguments specifying an invalid ragged tensor results in a null pointer dereference. The implementation of RaggedTensorToVariant...
PYSEC-2021-493
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.raw_ops.SparseFillEmptyRows. This is because of missing...
PYSEC-2021-476
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.raw_ops.QuantizedBatchNormWithGlobalNormalization. This is because the...
PYSEC-2021-468
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow to occur in Conv2DBackpropFilter. This is because the...
PYSEC-2021-528
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the OneHot TFLite operator is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/f61c57bd425878be108ec787f4d96390579fb83e/tensorflow/lite/kernels/one_hot.cc#L68-L72). An...
PYSEC-2021-467
TensorFlow is an end-to-end open source platform for machine learning. Calling tf.raw_ops.ImmutableConst (https://www.tensorflow.org/api_docs/python/tf/raw_ops/ImmutableConst) with a dtype of tf.resource or tf.variant results in a segfault in the implementation as code assumes that the tensor contents...
PYSEC-2021-488
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.raw_ops.RaggedTensorToTensor. This is because the...
PYSEC-2021-464
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedReshape by passing in invalid thresholds for the quantization. This is because the...
PYSEC-2021-530
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthwiseConv TFLite operator is vulnerable to a division by zero...
PYSEC-2021-448
TensorFlow is an end-to-end open source platform for machine learning. Missing validation between arguments to tf.raw_ops.Conv3DBackprop operations can result in heap buffer overflows. This is because the...
PYSEC-2021-454
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.raw_ops.Conv2D. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/988087bd83f144af14087fe4fecee2d250d93737/tensorflow/core/kernels/conv_ops.cc#L261-L263)...
PYSEC-2021-514
TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling...
CVE-2021-29513
TensorFlow vulnerability CVE-2021-29513 arises when calling TF operations with tensors of non-numeric types, causing a null pointer dereference due to a type confusion in the Python-to-C++ array conversion (ndarray_tensor.cc). Root cause: PyArray_DESCR_to_TF_DataType path can dereference NULL in ...
CVE-2021-29514
TensorFlow RaggedBincount vulnerability (CVE-2021-29514) in the RaggedBincount kernel can cause a heap out-of-bounds write when the splits argument references an invalid SparseTensor, leading to a write at out(-1, bin). The issue is triggered by setting splits(0) to 7, causing batch_idx to remain...
CVE-2021-29515
The CVE-2021-29515 issue affects TensorFlow MatrixDiag* ops: input tensors are not validated to be non-empty, which can lead to a null pointer dereference. The root cause is in MatrixDiagV2/V3 path handling inputs, and patches fix the issue (commit a7116dd39…) with the fix slated for TensorFlow 2...
CVE-2021-29515 Reference binding to null pointer in `MatrixDiag*` ops
TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixDiag operations (https://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrix_diag_op.cc#L195-L197) does not validate that the tensor...
CVE-2021-29516
TensorFlow CVE-2021-29516 describes a null pointer dereference in tf.raw_ops.RaggedTensorToVariant when provided with an invalid ragged tensor. The issue arises because batched_ragged.splits(0) is dereferenced without validating non-emptiness. Affected: TensorFlow and related entries indicate the...
CVE-2021-29516 Null pointer dereference via invalid Ragged Tensors
TensorFlow is an end-to-end open source platform for machine learning. Calling tf.raw_ops.RaggedTensorToVariant with arguments specifying an invalid ragged tensor results in a null pointer dereference. The implementation of RaggedTensorToVariant...
CVE-2021-29517
CVE-2021-29517 affects TensorFlow Conv3D: division-by-zero in the Conv3D kernel caused by a modulo on user input (fifth filter dimension), potentially triggering an Eigen assertion and a crash. The issue is addressed by a TensorFlow fix in 2.5.0, with cherry-picks to 2.4.2, 2.3.3, 2.2.3 and 2.1.4...