7075 matches found
CVE-2021-29597 Division by zero in TFLite's implementation of `SpaceToBatchNd`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the SpaceToBatchNd TFLite operator is vulnerable to a division by zero error. An attacker can craft a model such that one dimension of the block input is 0. Hence, the corresponding value in blockshape is...
CVE-2021-29598 Division by zero in TFLite's implementation of `SVDF`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the SVDF TFLite operator is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/7f283ff806b2031f407db64c4d3edcda8fb9f9f5/tensorflow/lite/kernels/svdf.ccL99-L102. An attacke...
CVE-2021-29598
The CVE-2021-29598 entry concerns TensorFlow’s SVDF TFLite operator, where a division-by-zero can occur if params->rank is 0. The SVDF implementation in TensorFlow Lite is the affected component; the root cause is a rank-dependent modulo check that can fail when rank is 0, leading to a crash/d...
CVE-2021-29599 Division by zero in TFLite's implementation of `Split`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the Split TFLite operator is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/e2752089ef7ce9bcf3db0ec618ebd23ea119d0c7/tensorflow/lite/kernels/split.ccL63-L65. An attack...
CVE-2021-29599
TensorFlow: Split TFLite operator vulnerability due to division by zero when num_splits == 0. The issue affects the Split path in TensorFlow’s TFLite kernels; an attacker could craft a model triggering the fault. The fix is scheduled for TensorFlow 2.5.0, with cherry-picks to TF 2.4.2, 2.3.3, 2.2...
CVE-2021-29600
Summary: CVE-2021-29600 concerns TensorFlow’s TFLite OneHot operator, where the division-by-zero arises from prefix_dim_size calculation when an indices dimension is 0. This is triggered by crafted models and affects multiple TensorFlow/TFLite release lines, with a fix planned for TensorFlow 2.5....
CVE-2021-29601
TensorFlow/TFLite concatentation is vulnerable to an integer overflow in the TFLite kernel used for concatenation. The issue arises because TFLite uses int for tensor dimensions while TensorFlow uses int64, allowing crafted inputs where a concatenation dimension overflows an int. Public details i...
CVE-2021-29601 Integer overflow in TFLite concatentation
TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of concatenation is vulnerable to an integer overflow issuehttps://github.com/tensorflow/tensorflow/blob/7b7352a724b690b11bfaae2cd54bc3907daf6285/tensorflow/lite/kernels/concatenation.ccL70-L76. An...
CVE-2021-29602
The CVE-2021-29602 issue affects TensorFlow’s TFLite DepthwiseConv operator. The vulnerability is a division-by-zero in the DepthwiseConv implementation, triggered when input’s fourth dimension is 0. The root cause and affected code are documented in depthwise_conv.cc, and multiple advisories acr...
CVE-2021-29602 Division by zero in TFLite's implementation of `DepthwiseConv`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthwiseConv TFLite operator is vulnerable to a division by zero...
CVE-2021-29603
CVE-2021-29603 describes a heap out-of-bounds write in the TFLite ArgMin/ArgMax path of TensorFlow’s runtime. A specially crafted TFLite model can trigger the write when axis_value is not in [0, NumDimensions(input)], causing code to write past output_dims->data. Root cause: incorrect handling...
CVE-2021-29604
TensorFlow/TFLite hashtable lookup (HashtableLookup) is affected by a division-by-zero in hashtable_lookup.cc when the first dimension of values is 0. Root cause: num_rows derived from the 0th dimension leads to invalid division. Affected: TensorFlow/TFLite hashtable lookup; fix slated for Tensor...
CVE-2021-29604 Division by zero in TFLite's implementation of hashtable lookup
TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of hashtable lookup is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2c0cbbeca5a1e833bc8/tensorflow/lite/kernels/hashtablelookup.ccL114-L115 ...
CVE-2021-29605
CVE-2021-29605 is a TensorFlow/TFLite vulnerability where the TFLiteIntArray allocation path suffers an integer overflow. The function TfLiteIntArrayGetSizeInBytes(int size) can return a negative value when size is large, causing malloc to receive an invalid (potentially non-allocatable) size. Th...
CVE-2021-29606 Heap OOB read in TFLite
TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of...
CVE-2021-29607
CVE-2021-29607 is tied to TensorFlow’s SparseAdd validation. The issue arises from incomplete validation of sparse tensor inputs (not checking emptiness or second-dimension_matches size), enabling potential undefined behavior such as null pointer dereferences and heap-out-of-bounds writes. The vu...
CVE-2021-29608
TensorFlow CVE-2021-29608 maps to a RaggedTensorToTensor validation flaw: input checks only ensure one tensor is non-empty, enabling potential heap out-of-bounds/NULL dereference undefined behavior in release builds. Multiple sources (NVD, OSV/GHSA advisories) describe a local-attack surface lead...
CVE-2021-29609
TensorFlow SparseAdd (CVE-2021-29609) has incomplete validation for sparse tensor inputs, allowing invalid tensor triples to slip through valid code paths. The vulnerability arises from not validating that inputs are non-empty and that the second dimension of *_indices matches the corresponding *...
CVE-2021-29610
CVE-2021-29610: TensorFlow QuantizeAndDequantizeV2 accepts axis values
CVE-2021-29610 Invalid validation in `QuantizeAndDequantizeV2`
TensorFlow is an end-to-end open source platform for machine learning. The validation in tf.rawops.QuantizeAndDequantizeV2 allows invalid values for axis argument:. The...