6 matches found
CVE-2026-42627
In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...
DEBIAN-CVE-2026-42627
In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...
CVE-2026-42627
In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...
CVE-2026-42627
In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...
CVE-2026-42627
Arm NN contains a vulnerability up to version 2026-03-27 where an integer overflow in TensorShape::GetNumElements() (armnn/Tensor.cpp) allows a crafted TFLite model to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multi...
GHSA-PRCG-WP5Q-RV7P Crashes due to overflow and `CHECK`-fail in ops with large tensor shapes
Impact TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64t. If an overflow occurs, MultiplyWithoutOverflow would return a negative result. In the majority of...