3084 matches found
CVE-2021-29589
CVE-2021-29589 concerns TensorFlow GatherNd in TFLite. The vulnerability is a division-by-zero error when the params input is an empty tensor, triggered by constructing a model that makes params_shape.Dims(.) zero. This can cause a denial of service. A fix is included in TensorFlow 2.5.0, with ch...
CVE-2021-29590
TensorFlow/TFLite Minimum and Maximum operators are vulnerable to a heap-based out-of-bounds read when either input tensor is empty, due to broadcasting code indexing both tensors without bounds validation. The issue affects TF/TFLite, with fixes planned for TensorFlow 2.5.0 and cherry-picked bac...
CVE-2021-29591
TensorFlow/TFLite vulnerability CVE-2021-29591 stems from loops in TFLite subgraphs (example: While) allowing potential infinite recursion and stack exhaustion during evaluation. Affected: TensorFlow/TFLite; root cause: unchecked looping between body and loop subgraphs. Impact described as stack ...
CVE-2021-29592
Summary: CVE-2021-29592 is a null pointer dereference in TensorFlow’s TFLite Reshape operator. The issue arises when the target shape is supplied by a 1-D tensor; a previous fix for CVE-2020-15209 was incomplete, potentially allowing a null buffer to be treated as valid input for a 1-D shape, l...
CVE-2021-29593 Division by zero in TFLite's implementation of `BatchToSpaceNd`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the BatchToSpaceNd TFLite operator is vulnerable to a division by zero...
CVE-2021-29594
This CVE refers to TensorFlow/TFLite: the convolution code in TFLite may perform divisions where the divisor is user-controlled and not checked for zero, risking abnormal behavior or a crash. The root cause is division by zero in the TFLite convolution path (conv.cc). The issue is mitigated by a ...
CVE-2021-29594 Division by zero in TFLite's convolution code
TensorFlow is an end-to-end open source platform for machine learning. TFLite's convolution code (https://github.com/tensorflow/tensorflow/blob/09c73bca7d648e961dd05898292d91a8322a9d45/tensorflow/lite/kernels/conv.cc) has multiple divisions where the divisor is controlled by the user and not checked ...
CVE-2021-29595
TensorFlow/TFLite: DepthToSpace division-by-zero in the DepthToSpace TFLite operator. A model with block_size = 0 triggers a fault in the calculation of output_channels, per the cited code path. A fix is planned for TensorFlow 2.5.0, with cherry-picks to 2.4.2, 2.3.3, 2.2.3, and 2.1.4 (still in s...
CVE-2021-29597 Division by zero in TFLite's implementation of `SpaceToBatchNd`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the SpaceToBatchNd TFLite operator is vulnerable to a division by zero error. An attacker can craft a model such that one dimension of the block input is 0. Hence, the corresponding value in blockshape is...
CVE-2021-29597
TensorFlow/TFLite SpaceToBatchNd is vulnerable to a division-by-zero error when a dimension of the block input is 0, enabling crafted inputs to trigger a fault in the operator. Affected: TensorFlow’s SpaceToBatchNd (TFLite kernel). Root cause: division by zero in the SpaceToBatchNd kernel when fi...
CVE-2021-29598
The CVE-2021-29598 entry concerns TensorFlow’s SVDF TFLite operator, where a division-by-zero can occur if params->rank is 0. The SVDF implementation in TensorFlow Lite is the affected component; the root cause is a rank-dependent modulo check that can fail when rank is 0, leading to a crash/d...
CVE-2021-29598 Division by zero in TFLite's implementation of `SVDF`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the SVDF TFLite operator is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/7f283ff806b2031f407db64c4d3edcda8fb9f9f5/tensorflow/lite/kernels/svdf.cc#L99-L102). An attacke...
CVE-2021-29599
TensorFlow: Split TFLite operator vulnerability due to division by zero when num_splits == 0. The issue affects the Split path in TensorFlow’s TFLite kernels; an attacker could craft a model triggering the fault. The fix is scheduled for TensorFlow 2.5.0, with cherry-picks to TF 2.4.2, 2.3.3, 2.2...
CVE-2021-29599 Division by zero in TFLite's implementation of `Split`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the Split TFLite operator is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/e2752089ef7ce9bcf3db0ec618ebd23ea119d0c7/tensorflow/lite/kernels/split.cc#L63-L65). An attack...
CVE-2021-29600
Summary: CVE-2021-29600 concerns TensorFlow’s TFLite OneHot operator, where the division-by-zero arises from prefix_dim_size calculation when an indices dimension is 0. This is triggered by crafted models and affects multiple TensorFlow/TFLite release lines, with a fix planned for TensorFlow 2.5....
CVE-2021-29601
TensorFlow/TFLite concatenation is vulnerable to an integer overflow in the TFLite kernel used for concatenation. The issue arises because TFLite uses int for tensor dimensions while TensorFlow uses int64, allowing crafted inputs where a concatenation dimension overflows an int. Public details i...
CVE-2021-29601 Integer overflow in TFLite concatenation
TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of concatenation is vulnerable to an integer overflow issue (https://github.com/tensorflow/tensorflow/blob/7b7352a724b690b11bfaae2cd54bc3907daf6285/tensorflow/lite/kernels/concatenation.cc#L70-L76). An...
CVE-2021-29602
The CVE-2021-29602 issue affects TensorFlow’s TFLite DepthwiseConv operator. The vulnerability is a division-by-zero in the DepthwiseConv implementation, triggered when input’s fourth dimension is 0. The root cause and affected code are documented in depthwise_conv.cc, and multiple advisories acr...
CVE-2021-29602 Division by zero in TFLite's implementation of `DepthwiseConv`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthwiseConv TFLite operator is vulnerable to a division by zero...
CVE-2021-29603
CVE-2021-29603 describes a heap out-of-bounds write in the TFLite ArgMin/ArgMax path of TensorFlow’s runtime. A specially crafted TFLite model can trigger the write when axis_value is not in [0, NumDimensions(input)], causing code to write past output_dims->data. Root cause: incorrect handling...