3084 matches found
CVE-2021-29604 Division by zero in TFLite's implementation of hashtable lookup
TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of hashtable lookup is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2c0cbbeca5a1e833bc8/tensorflow/lite/kernels/hashtable_lookup.cc#L114-L115) ...
CVE-2021-29604
TensorFlow/TFLite hashtable lookup (HashtableLookup) is affected by a division-by-zero in hashtable_lookup.cc when the first dimension of values is 0. Root cause: num_rows derived from the 0th dimension leads to invalid division. Affected: TensorFlow/TFLite hashtable lookup; fix slated for Tensor...
CVE-2021-29605
CVE-2021-29605 is a TensorFlow/TFLite vulnerability where the TFLiteIntArray allocation path suffers an integer overflow. The function TfLiteIntArrayGetSizeInBytes(int size) can return a negative value when size is large, causing malloc to receive an invalid (potentially non-allocatable) size. Th...
CVE-2021-29606 Heap OOB read in TFLite
TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of...
CVE-2021-29607
CVE-2021-29607 is tied to TensorFlow’s SparseAdd validation. The issue arises from incomplete validation of sparse tensor inputs (not checking for emptiness or that second-dimension sizes match), enabling potential undefined behavior such as null pointer dereferences and heap-out-of-bounds writes. The vu...
CVE-2021-29608
TensorFlow CVE-2021-29608 maps to a RaggedTensorToTensor validation flaw: input checks only ensure one tensor is non-empty, enabling potential heap out-of-bounds/NULL dereference undefined behavior in release builds. Multiple sources (NVD, OSV/GHSA advisories) describe a local-attack surface lead...
CVE-2021-29609
TensorFlow SparseAdd (CVE-2021-29609) has incomplete validation for sparse tensor inputs, allowing invalid tensor triples to slip through valid code paths. The vulnerability arises from not validating that inputs are non-empty and that the second dimension of *_indices matches the corresponding *...
CVE-2021-29610
CVE-2021-29610: TensorFlow QuantizeAndDequantizeV2 accepts axis values
CVE-2021-29610 Invalid validation in `QuantizeAndDequantizeV2`
TensorFlow is an end-to-end open source platform for machine learning. The validation in tf.raw_ops.QuantizeAndDequantizeV2 allows invalid values for the axis argument. The...
CVE-2021-29611
TensorFlow vulnerability CVE-2021-29611: In SparseReshape, input validation is incomplete, allowing a denial-of-service via a CHECK failure. The issue affects multiple TF releases (notably the 2.3.3, 2.4.2 and 2.5.0 lines are mentioned for fixes/patches). The patch is referenced as commit 1d04d7d...
CVE-2021-29612
TensorFlow CVE-2021-29612 describes a heap-based buffer overflow in the Eigen-based tf.raw_ops.BandedTriangularSolve path. Root cause: ValidateInputTensors fails to check for empty inputs, and OP_REQUIRES validation may not propagate status, making the validation ineffective. Impact: potential co...
CVE-2021-29613
CVE-2021-29613 covers TensorFlow CTCLoss: the vulnerability is caused by incomplete validation in tf.raw_ops.CTCLoss that can trigger an out-of-bounds read from the heap (and related heap buffer overflow/null-pointer dereference conditions) as described in multiple sources. Affected: TensorFlow r...
CVE-2021-29614
CVE-2021-29614 affects TensorFlow: the tf.io.decode_raw path (padded version) mishandles fixed_length with wider datatypes, advancing the output pointer by fixed_length bytes even when only fixed_length bytes are copied. This causes parts of input not to be decoded and can lead to out-of-bounds w...
CVE-2021-29555
TensorFlow CVE-2021-29555 describes a denial-of-service vulnerability in tf.raw_ops.FusedBatchNorm caused by a division operation based on the last tensor dimension, which can be triggered by user-provided input. The issue affects the FusedBatchNorm path and has been patched; TensorFlow 2.5.0 wil...
CVE-2021-29556
CVE-2021-29556 affects TensorFlow core with a denial of service via a division by the first dimension in tf.raw_ops.Reverse. The vulnerability arises because N = input.dim_size(0) is used to compute cost_per_unit, enabling a user-controlled trigger (through the tensor’s first dimension) to cause a F...
CVE-2021-29558 Heap buffer overflow in `SparseSplit`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.raw_ops.SparseSplit. This is because the...
CVE-2021-29558
TensorFlow SparseSplit heap overflow (CVE-2021-29558): Multiple security records (OSV, GHSA, CNVD, NVD) describe a heap-based overflow in tf.raw_ops.SparseSplit caused by accessing an array element using a user-controlled offset in SparseTensor.h. The vulnerability can lead to denial of service ...
CVE-2021-29559
The CVE-2021-29559 case concerns TensorFlow’s UnicodeEncode in tf.raw_ops, where heap-out-of-bounds access can occur if input_value/input_splits do not form a valid sparse tensor. Root cause: implementation assumes a valid sparse tensor, enabling data access outside heap bounds. The issue is fixe...
CVE-2021-29560
TensorFlow RaggedTensorToTensor heap-based overflow vulnerability (CVE-2021-29560) arises when the code uses the same index to access two arrays in parallel during ragged tensor to tensor conversion. An attacker-controlled input can trigger a heap OOB access when parent_output_index is shorter th...
CVE-2021-29560 Heap buffer overflow in `RaggedTensorToTensor`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.raw_ops.RaggedTensorToTensor. This is because the...