GHSA-G4H2-GQM3-C9WQ Segfault in tf.raw_ops.ImmutableConst

Impact Calling tf.rawops.ImmutableConst with a dtype of tf.resource or tf.variant results in a segfault in the implementation as code assumes that the tensor contents are pure scalars. python import tensorflow as tf tf.rawops.ImmutableConstdtype=tf.resource, shape=, memoryregionname="/tmp/test.tx...

GHSA-3QXP-QJQ7-W4HF CHECK-fail in tf.raw_ops.EncodePng

Impact An attacker can trigger a CHECK fail in PNG encoding by providing an empty input tensor as the pixel data: python import tensorflow as tf image = tf.zeros0, 0, 3 image = tf.castimage, dtype=tf.uint8 tf.rawops.EncodePngimage=image This is because the implementation only validates that the...

GHSA-WCV5-QRJ6-9PFM Heap buffer overflow in `Conv3DBackprop*`

Impact Missing validation between arguments to tf.rawops.Conv3DBackprop operations can result in heap buffer overflows: python import tensorflow as tf inputsizes = tf.constant1, 1, 1, 1, 2, shape=5, dtype=tf.int32 filtertensor = tf.constant734.6274508233133, -10.0, -10.0, -10.0, -10.0, -10.0,...

GHSA-84MW-34W6-2Q43 Null pointer dereference via invalid Ragged Tensors

Impact Calling tf.rawops.RaggedTensorToVariant with arguments specifying an invalid ragged tensor results in a null pointer dereference: python import tensorflow as tf inputtensor = tf.constant, shape=0, 0, 0, 0, 0, dtype=tf.float32 filtertensor = tf.constant, shape=0, 0, 0, 0, 0, dtype=tf.float3...

PYSEC-2021-202

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.SparseFillEmptyRows. This is because of missing...

PYSEC-2021-229

TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209https://vulners.com/cve/CVE-2020-15209 missed the case when the target shape of Reshape operator is given by the elements of a 1-D tensor. As such, the fix for the...

PYSEC-2021-457

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in tf.rawops.QuantizedResizeBilinear by manipulating input values so that float rounding results in off-by-one error in accessing image elements. This is because the...

GHSA-M648-33QF-V3GP CHECK-fail in LSTM with zero-length input in TensorFlow

Impact Running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer. Patches We have patched the...

GHSA-QHXX-J73R-QPM2 Uninitialized memory access in TensorFlow

Impact Under certain cases, a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen: cc struct QUInt8 QUInt8 /...

GHSA-P5F8-GFW5-33W4 Heap buffer overflow in Tensorflow

Impact The RaggedCountSparseOutput implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the splits tensor generate a valid partitioning of the values tensor. Hence, this code is prone to heap buffer overflow...

GHSA-63XM-RX5P-XVQR Heap buffer overflow in Tensorflow

Impact The implementation of SparseFillEmptyRowsGrad uses a double indexing pattern: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/sparsefillemptyrowsop.ccL263-L269 It is possible for reverseindexmapi to be an index outside of bound...

GHSA-X5CP-9PCF-PP3H Denial of Service in Tensorflow

Impact The RaggedCountSparseOutput does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the splits tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure:...