Null Pointer Error

TensorFlow is vulnerable to Null Pointer Error . The vulnerability is due to improper handling of null pointers returned by the GetVariableInput function and the GetMutableInput function, which are not correctly checked before being used in the TFLite implementation of SVDF, allows an attacker to...

Division By Zero Error

TensorFlow is vulnerable to a Division By Zero Error. The vulnerability is due to a division by zero error in the TFLite implementation of hashtable lookup when the values tensor's first dimension is 0, allowing an attacker to craft a model that, when processed, triggers the division by zero erro...

Integer Overflow

tensorflow, tensorflowcpu and tensorflowgpu are vulnerable to Integer Overflow. The vulnerability is caused due to a missing validation where TFLite implementation of concatenation is vulnerable to an integer overflow issue. An attacker can craft a model such that the dimensions of one of the...

AZL-48740 CVE-2024-6232 affecting package tensorflow for versions less than 2.16.1-7

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...

Divide By Zero

tensorflow, tensorflowcpu and tensorflowgpu are vulnerable to Divide By Zero. The vulnerability is caused due to a missing validation where the implementation of fully connected layers in TFLite is vulnerable to a division by zero error. An attacker can craft a model such that filter-dims-data1 i...

Division By Zero Error

TensorFlow is vulnerable to Division By Zero Error. The vulnerability is due to the SVDF TFLite operator does not properly handle cases where params-rank is set to 0, allowing an attacker to craft a model that triggers a division by zero error...

Uncontrolled Recursion

TensorFlow is vulnerable to an Uncontrolled Recursion vulnerability. The vulnerability is due to the failure to check for loops between nodes in TFLite graphs, allowing an attacker to craft models that could cause infinite loops or stack overflow during evaluation...

Null Pointer Dereference

TensorFlow is vulnerable to a null pointer dereference. The vulnerability exists due to unconditionally dereferencing a pointer in the TFLite model, allowing an attacker to craft a TFLite model that triggers this dereference. It leads to crash the system and cause a denial of service...

Out-of-bounds Read

TensorFlow is vulnerable to an Out-of-bounds Read. The vulnerability is due to improper validation of the axisvalue in the TFLite implementation of SplitV, which can lead to accessing data outside the bounds of the tensor shape array...

Divide By Zero

tensorflow is vulnerable to Divide By Zero. The vulnerability is caused due to a defect in the implementation of BatchToSpaceNd where TFLite operator is vulnerable to a division by zero error. An attacker can craft a model such that one dimension of the block input is 0 resulting in the...

Division By Zero Error

TensorFlow is vulnerable to a division by zero error. The vulnerability is due to insufficient handling of cases where the input's fourth dimension is zero in the DepthwiseConv TFLite operator, which can allows to execution issues or crashes in machine learning models...

Out-of-bounds Write

tensorflow, tensorflowcpu and tensorflowgpu are vulnerable to Out-of-bounds Write. The vulnerability is caused due to a missing validation. A specially crafted TFLite model could trigger an OOB write on heap in the TFLite implementation of ArgMin/ArgMax'...

Denial Of Service (DOS)

TensorFlow is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of the block input in the SpaceToBatchNd TFLite operator, which allows an attacker to set a dimension of the block input to 0, causing a division by zero error, which can crash the system or make it...

Integer Overflow

TensorFlow is vulnerable to an Integer Overflow. The vulnerability is due to an integer overflow in the TFLite code for allocating TFLiteIntArrays, allowing attackers to craft models that cause memory corruption by dereferencing invalid pointers...

Denial Of Service (DOS)

TensorFlow is vulnerable to a denial of service. The vulnerability is due to the improper handling of the dimensionality of the output tensor in TensorFlow Lite's segment sum implementation,where the code uses the last element of the tensor holding segment IDs to determine the output tensor's siz...

Out-Of-Bounds Writes

TensorFlow is vulnerable to out-of-bounds writes. The vulnerability is due to the improper handling of negative elements in the segment ids tensor, allowing negative values that result in out-of-bounds memory writes during the segment sum operation...

Divide By Zero

tensorflow is vulnerable to Divide By Zero. The vulnerability is caused due to the Prepare step of the SpaceToDepth TFLite operator does not check for 0 before division. An attacker can craft a model such that params-blocksize would be zero and potentially leads to DoS...

Divide By Zero

tensorflow is vulnerable to Divide By Zero. The vulnerability is caused due to a defect in the optimized implementation of the TransposeConv TFLite operator where there is a missing validation for strideh,w variable. An attacker can craft a model such that strideh,w values are 0 resulting in Divi...

Out-of-bounds Write

tensorflow, tensorflow-cpu and tensorflowgpu is vulnerable to Out-of-bounds Write. The vulnerability is due to improper handling of tensors when a model uses the same tensor for both an input and output of an operator, which can result in data loss and memory corruption...

AZL-48141 CVE-2024-8088 affecting package tensorflow for versions less than 2.16.1-7

There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive for example, methods of "zipfile.Path" like "namelist", "iterdir", etc...