3084 matches found
CVE-2021-29530 Invalid validation in `SparseMatrixSparseCholesky`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference by providing an invalid permutation to tf.rawops.SparseMatrixSparseCholesky. This is because the...
CVE-2021-29530
CVE-2021-29530 concerns TensorFlow’s SparseMatrixSparseCholesky: passing an invalid permutation could trigger a null pointer dereference due to incomplete input validation in the underlying code, allowing continuation after a failed check. Public sources (NVD, OSV, GHSA) describe the issue in Ten...
CVE-2021-29531
CVE-2021-29531 affects TensorFlow and relates to a denial-of-service risk in PNG encoding when an attacker supplies an empty input tensor for pixel data. The issue stems from encode_png_op.cc validating only total pixel count and passing image data to png::WriteImageToBuffer, which calls CHECK_NO...
CVE-2021-29532
Summary: CVE-2021-29532 affects TensorFlow and describes a heap out-of-bounds read in RaggedCross when processing tensors, due to missing validation of user-supplied indices in ragged/dense/sparse paths. The vulnerability arises from code that uses list indices (e.g., next_ragged/next_sparse/next...
CVE-2021-29532 Heap out of bounds read in `RaggedCross`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to tf.rawops.RaggedCross. This is because the...
CVE-2021-29533
TensorFlow DrawBoundingBoxes (CVE-2021-29533) is affected by a CHECK_-driven input validation flaw that can crash the program when an empty image is passed. The root cause is input validation using CHECK_ instead of OP_REQUIRES, causing a negative max_box_row_clamp and a crash. The fix is include...
CVE-2021-29534
TensorFlow vulnerability CVE-2021-29534 concerns a CHECK-fail in tf.raw_ops.SparseConcat caused by using shapes[0] to define the output shape, leading to a denial of service via overflow in TensorShape initialization. Affected behavior occurs when shape dimensions are overflowed during InitDims/A...
CVE-2021-29535
CVE-2021-29535 affects TensorFlow’s QuantizedMul implementation. The vulnerability arises when four quantization thresholds are passed as inputs and may be empty tensors, causing a heap buffer overflow by accessing .flat()(0) on an empty buffer. This is rooted in the code path in quantized_mul_op...
CVE-2021-29535 Heap buffer overflow in `QuantizedMul`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedMul by passing in invalid thresholds for the quantization. This is because the...
CVE-2021-29536
TensorFlow’s CVE-2021-29536 is a heap buffer overflow in QuantizedReshape triggered when the input_min/input_max tensors are empty. The issue arises because code assumes scalar inputs and accesses .flat()(0), which overflows if the tensors contain no elements. The fix is included in TensorFlow 2....
CVE-2021-29537
CVE-2021-29537 affects TensorFlow: a heap buffer overflow in QuantizedResizeBilinear triggered by invalid quantization thresholds. Root cause is assuming two scalar inputs are valid and directly indexing their values; if min/max tensors are empty, accessing element 0 overflows. Public details con...
CVE-2021-29537 Heap buffer overflow in `QuantizedResizeBilinear`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedResizeBilinear by passing in invalid thresholds for the quantization. This is because the...
CVE-2021-29538
TensorFlow CVE-2021-29538 concerns a division-by-zero in Conv2DBackpropFilter. The issue arises when shapes are empty, causing work_unit_size to be 0 and a divide operation to throw a runtime error, enabling potential denial-of-service conditions. Concrete details in connected docs specify the af...
CVE-2021-29539 Segfault in tf.raw_ops.ImmutableConst
TensorFlow is an end-to-end open source platform for machine learning. Calling tf.rawops.ImmutableConsthttps://www.tensorflow.org/apidocs/python/tf/rawops/ImmutableConst with a dtype of tf.resource or tf.variant results in a segfault in the implementation as code assumes that the tensor contents...
CVE-2021-29539
TensorFlow CVE-2021-29539 describes a segfault in tf.raw_ops.ImmutableConst when dtype is tf.resource or tf.variant. Root cause: the implementation assumes scalar contents, leading to a crash. A fix was committed (4f663d4b8f0bec1b48da6fa091a7d29609980fa4) and TensorFlow 2.5.0 will include the pat...
CVE-2021-29540 Heap buffer overflow in `Conv2DBackpropFilter`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow to occur in Conv2DBackpropFilter. This is because the...
CVE-2021-29540
TensorFlow CVE-2021-29540 describes a heap-based buffer overflow in Conv2DBackpropFilter caused by calculating the filter tensor size without validating it against filter_sizes. This mismatch can lead to out-of-bounds reads/writes when accessing the buffer. The issue affects multiple TensorFlow v...
CVE-2021-29541 Null pointer dereference in `StringNGrams`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null pointer in tf.rawops.StringNGrams. This is because the...
CVE-2021-29541
CVE-2021-29541 : TensorFlow StringNGrams vulnerability — the implementation of data_splits is not fully validated, allowing a null pointer dereference when ngram computation leads to zero/negative output size. This can cause a crash (null pointer dereference) on affected TensorFlow builds. A fix ...
CVE-2021-29542
Summary: CVE-2021-29542 affects TensorFlow’s StringNGrams function in tf.raw_ops. The vulnerability arises when input leads to a case where num_tokens is 0 and data_start_index equals 0 (left padding present), causing an out-of-bounds read of data[-1] in the loop that builds an n-gram, leading to...