Lucene search
K

10 matches found

OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-992 Heap overflow in `QuantizeAndDequantizeV2`

Impact The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. python import tensorflow as tf @tf.function def test:...

4.8CVSS6AI score0.00401EPSS
Exploits0References7
OSV
OSV
added 2026/07/07 10:17 a.m.3 views

PYSEC-2026-951 Overflow in `ImageProjectiveTransformV2`

Impact When tf.rawops.ImageProjectiveTransformV2 is given a large output shape, it overflows. python import tensorflow as tf interpolation = "BILINEAR" fillmode = "REFLECT" images = tf.constant0.184634328, shape=2,5,8,3, dtype=tf.float32 transforms = tf.constant0.378575385, shape=2,8,...

4.8CVSS7AI score0.0043EPSS
Exploits1References7
OSV
OSV
added 2026/07/07 10:17 a.m.3 views

PYSEC-2026-1050 Segfault via invalid attributes in `pywrap_tfe_src.cc`

Impact If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a nullptr, which is not caught. An example can be seen in tf.compat.v1.extractvolumepatches by passing in quantized tensors as input ksizes. python import numpy as np import...

5.5CVSS6AI score0.00404EPSS
Exploits1References7
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-964 Overflow in `FusedResizeAndPadConv2D`

Impact When tf.rawops.FusedResizeAndPadConv2D is given a large tensor shape, it overflows. python import tensorflow as tf mode = "REFLECT" strides = 1, 1, 1, 1 padding = "SAME" resizealigncorners = False input = tf.constant147, shape=3,3,1,1, dtype=tf.float16 size =...

4.8CVSS5.9AI score0.0043EPSS
Exploits1References7
Debian CVE
Debian CVE
added 2022/12/06 12:0 a.m.3 views

CVE-2022-41910

TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We hav...

9.1CVSS6.9AI score0.00401EPSS
Exploits0
OSV
OSV
added 2022/11/21 11:51 p.m.3 views

GHSA-CQVQ-FVHR-V6HC `CHECK` failure in `SobolSample` via missing validation

Impact Another instance of CVE-2022-35935, where SobolSample is vulnerable to a denial of service via assumed scalar inputs, was found and fixed. python import tensorflow as tf tf.rawops.SobolSampledim=tf.constant1,0, numresults=tf.constant1, skip=tf.constant1 Patches We have patched the issue in...

7AI score
Exploits0References2
OSV
OSV
added 2022/11/21 10:3 p.m.4 views

GHSA-G9FM-R5MM-RF9F `CHECK_EQ` fail via input in `SparseMatrixNNZ`

Impact An input sparsematrix that is not a matrix with a shape with rank 0 will trigger a CHECK fail in tf.rawops.SparseMatrixNNZ. python import tensorflow as tf tf.rawops.SparseMatrixNNZsparsematrix= Patches We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The...

4.8CVSS5.8AI score0.0044EPSS
Exploits1References5
OSV
OSV
added 2022/11/21 8:44 p.m.2 views

GHSA-GQ2J-CR96-GVQX `MirrorPadGrad` heap out of bounds read

Impact If MirrorPadGrad is given outsize input paddings, TensorFlow will give a heap OOB error. python import tensorflow as tf tf.rawops.MirrorPadGradinput=1, paddings=0x77f00000,0xa000000, mode = 'REFLECT' Patches We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec9...

4.8CVSS7AI score0.0044EPSS
Exploits1References5
OSV
OSV
added 2022/11/18 10:15 p.m.7 views

AZL-11540 CVE-2022-41901 affecting package tensorflow for versions less than 2.11.0-1

TensorFlow is an open source platform for machine learning. An input sparsematrix that is not a matrix with a shape with rank 0 will trigger a CHECK fail in tf.rawops.SparseMatrixNNZ. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in...

7.5CVSS7.2AI score0.0044EPSS
Exploits1References1
OSV
OSV
added 2022/11/18 10:15 p.m.8 views

AZL-11528 CVE-2022-41889 affecting package tensorflow for versions less than 2.11.0-1

TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a nullptr, which is not caught. An example can be seen in tf.compat.v1.extractvolumepatches by passing in quantized tensors...

7.5CVSS7.2AI score0.00404EPSS
Exploits1References1
Rows per page
Query Builder