7040 matches found
CVE-2021-29593 Division by zero in TFLite's implementation of `BatchToSpaceNd`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the BatchToSpaceNd TFLite operator is vulnerable to a division by zero...
CVE-2021-29594 Division by zero in TFLite's convolution code
TensorFlow is an end-to-end open source platform for machine learning. TFLite's convolution codehttps://github.com/tensorflow/tensorflow/blob/09c73bca7d648e961dd05898292d91a8322a9d45/tensorflow/lite/kernels/conv.cc has multiple division where the divisor is controlled by the user and not checked ...
CVE-2021-29594
This CVE refers to TensorFlow/TFLite: the convolution code in TFLite may perform divisions where the divisor is user-controlled and not checked for zero, risking abnormal behavior or a crash. The root cause is division by zero in the TFLite convolution path (conv.cc). The issue is mitigated by a ...
CVE-2021-29595
TensorFlow/TFLite: DepthToSpace division-by-zero in the DepthToSpace TFLite operator. A model with block_size = 0 triggers a fault in the calculation of output_channels, per the cited code path. A fix is planned for TensorFlow 2.5.0, with cherry-picks to 2.4.2, 2.3.3, 2.2.3, and 2.1.4 (still in s...
CVE-2021-29597
TensorFlow/TFLite SpaceToBatchNd is vulnerable to a division-by-zero error when a dimension of the block input is 0, enabling crafted inputs to trigger a fault in the operator. Affected: TensorFlow’s SpaceToBatchNd (TFLite kernel). Root cause: division by zero in the SpaceToBatchNd kernel when fi...
CVE-2021-29597 Division by zero in TFLite's implementation of `SpaceToBatchNd`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the SpaceToBatchNd TFLite operator is vulnerable to a division by zero error. An attacker can craft a model such that one dimension of the block input is 0. Hence, the corresponding value in blockshape is...
CVE-2021-29598
The CVE-2021-29598 entry concerns TensorFlow’s SVDF TFLite operator, where a division-by-zero can occur if params->rank is 0. The SVDF implementation in TensorFlow Lite is the affected component; the root cause is a rank-dependent modulo check that can fail when rank is 0, leading to a crash/d...
CVE-2021-29598 Division by zero in TFLite's implementation of `SVDF`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the SVDF TFLite operator is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/7f283ff806b2031f407db64c4d3edcda8fb9f9f5/tensorflow/lite/kernels/svdf.ccL99-L102. An attacke...
CVE-2021-29599
TensorFlow: Split TFLite operator vulnerability due to division by zero when num_splits == 0. The issue affects the Split path in TensorFlow’s TFLite kernels; an attacker could craft a model triggering the fault. The fix is scheduled for TensorFlow 2.5.0, with cherry-picks to TF 2.4.2, 2.3.3, 2.2...
CVE-2021-29599 Division by zero in TFLite's implementation of `Split`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the Split TFLite operator is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/e2752089ef7ce9bcf3db0ec618ebd23ea119d0c7/tensorflow/lite/kernels/split.ccL63-L65. An attack...
CVE-2021-29600
Summary: CVE-2021-29600 concerns TensorFlow’s TFLite OneHot operator, where the division-by-zero arises from prefix_dim_size calculation when an indices dimension is 0. This is triggered by crafted models and affects multiple TensorFlow/TFLite release lines, with a fix planned for TensorFlow 2.5....
CVE-2021-29601
TensorFlow/TFLite concatentation is vulnerable to an integer overflow in the TFLite kernel used for concatenation. The issue arises because TFLite uses int for tensor dimensions while TensorFlow uses int64, allowing crafted inputs where a concatenation dimension overflows an int. Public details i...
CVE-2021-29601 Integer overflow in TFLite concatentation
TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of concatenation is vulnerable to an integer overflow issuehttps://github.com/tensorflow/tensorflow/blob/7b7352a724b690b11bfaae2cd54bc3907daf6285/tensorflow/lite/kernels/concatenation.ccL70-L76. An...
CVE-2021-29602 Division by zero in TFLite's implementation of `DepthwiseConv`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthwiseConv TFLite operator is vulnerable to a division by zero...
CVE-2021-29602
The CVE-2021-29602 issue affects TensorFlow’s TFLite DepthwiseConv operator. The vulnerability is a division-by-zero in the DepthwiseConv implementation, triggered when input’s fourth dimension is 0. The root cause and affected code are documented in depthwise_conv.cc, and multiple advisories acr...
CVE-2021-29603
CVE-2021-29603 describes a heap out-of-bounds write in the TFLite ArgMin/ArgMax path of TensorFlow’s runtime. A specially crafted TFLite model can trigger the write when axis_value is not in [0, NumDimensions(input)], causing code to write past output_dims->data. Root cause: incorrect handling...
CVE-2021-29604
TensorFlow/TFLite hashtable lookup (HashtableLookup) is affected by a division-by-zero in hashtable_lookup.cc when the first dimension of values is 0. Root cause: num_rows derived from the 0th dimension leads to invalid division. Affected: TensorFlow/TFLite hashtable lookup; fix slated for Tensor...
CVE-2021-29604 Division by zero in TFLite's implementation of hashtable lookup
TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of hashtable lookup is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2c0cbbeca5a1e833bc8/tensorflow/lite/kernels/hashtablelookup.ccL114-L115 ...
CVE-2021-29605
CVE-2021-29605 is a TensorFlow/TFLite vulnerability where the TFLiteIntArray allocation path suffers an integer overflow. The function TfLiteIntArrayGetSizeInBytes(int size) can return a negative value when size is large, causing malloc to receive an invalid (potentially non-allocatable) size. Th...
CVE-2021-29606 Heap OOB read in TFLite
TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of...