PYSEC-2021-558

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on thi...

PT-2021-21780 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: Due to incomplete validation in tf.raw ops.QuantizeV2, an attacker can trigger...

Google TensorFlow 数字错误漏洞

Google TensorFlow is an end-to-end open source machine learning platform. An integer overflow vulnerability exists in the implementation of tf.rawops.QuantizeAndDequantizeV4Grad in versions prior to Google TensorFlow 2.6.0. The vulnerability stems from converting a signed integer value to an...

The vulnerability in the MagickCore/quantize.c component of the console-based image editing tool ImageMagick, related to integer overflow, allows a hacker to cause a service failure.

The vulnerability of the MagickCore/quantize.c component in the console-based image editing tool ImageMagick is related to integer overflow. Exploiting this vulnerability allows an attacker to cause a service failure...

The vulnerability of the IntensityCompare() function in the /MagickCore/quantize.c component of the ImageMagick console graphics editor allows a malicious actor to cause a service failure by manipulating integer overflow values.

The vulnerability of the IntensityCompare function in the /MagickCore/quantize.c component of the ImageMagick console graphics editor is related to integer overflow. Exploiting this vulnerability allows a remote attacker to cause a service failure through a specially created file...

GHSA-MQ5C-PRH3-3F3H Invalid validation in `QuantizeAndDequantizeV2`

Impact The validation in tf.rawops.QuantizeAndDequantizeV2 allows invalid values for axis argument: python import tensorflow as tf inputtensor = tf.constant0.0, shape=1, dtype=float inputmin = tf.constant-10.0 inputmax = tf.constant-10.0 tf.rawops.QuantizeAndDequantizeV2 input=inputtensor,...

GHSA-H9PX-9VQG-222H Heap OOB in `QuantizeAndDequantizeV3`

Impact An attacker can read data outside of bounds of heap allocated buffer in tf.rawops.QuantizeAndDequantizeV3: python import tensorflow as tf tf.rawops.QuantizeAndDequantizeV3 input=2.5,2.5, inputmin=0,0, inputmax=1,1, numbits=30, signedinput=False, rangegiven=False, narrowrange=False, axis=3...

GHSA-6G85-3HM8-83F9 CHECK-fail in `QuantizeAndDequantizeV4Grad`

Impact An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.QuantizeAndDequantizeV4Grad: python import tensorflow as tf gradienttensor = tf.constant0.0, shape=1 inputtensor = tf.constant0.0, shape=1 inputmin = tf.constant0.0, shape=1, 1 inputmax = tf.constant0.0, shape=1, 1...

DEBIAN-CVE-2020-27769

In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c...

PYSEC-2021-472

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.QuantizeAndDequantizeV4Grad. This is because the...

PYSEC-2021-679

TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in tf.rawops.QuantizeAndDequantizeV3. This is because the...

CVE-2020-27769

In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c...

PYSEC-2021-538

TensorFlow is an end-to-end open source platform for machine learning. The validation in tf.rawops.QuantizeAndDequantizeV2 allows invalid values for axis argument:. The...

PYSEC-2021-247

TensorFlow is an end-to-end open source platform for machine learning. The validation in tf.rawops.QuantizeAndDequantizeV2 allows invalid values for axis argument:. The...

PYSEC-2021-670

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.QuantizeAndDequantizeV4Grad. This is because the...

PYSEC-2021-736

TensorFlow is an end-to-end open source platform for machine learning. The validation in tf.rawops.QuantizeAndDequantizeV2 allows invalid values for axis argument:. The...

PYSEC-2021-190

TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in tf.rawops.QuantizeAndDequantizeV3. This is because the...

PYSEC-2021-481

TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in tf.rawops.QuantizeAndDequantizeV3. This is because the...

PYSEC-2021-247

TensorFlow is an end-to-end open source platform for machine learning. The validation in tf.rawops.QuantizeAndDequantizeV2 allows invalid values for axis argument:. The...

PYSEC-2021-736

TensorFlow is an end-to-end open source platform for machine learning. The validation in tf.rawops.QuantizeAndDequantizeV2 allows invalid values for axis argument:. The...