PYSEC-2022-129

Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a SavedModel on disk such that AttrDefs of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

PT-2022-16081 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1, 2.6.3, and 2.5.3 are also affected Description: An attacker can trigger denial of service via assertion failure by altering a SavedModel on disk such that AttrDefs of some operatio...

ntfs-3g: Out-of-bounds read ntfs_attr_find_in_attrdef() triggered by an invalid attribute

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

CVE-2021-39255

A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfsattrfindinattrdef, in NTFS-3G 2021.8.22...

Tuxera NTFS-3G 缓冲区错误漏洞

NTFS-3G is a stable, full-featured, read-write NTFS driver for Linux, Android, Mac OS X, FreeBSD, NetBSD, OpenSolaris, QNX, Haiku, and other operating systems. NTFS-3G versions prior to 2021.8.22 are vulnerable to an out-of-bounds read vulnerability. The vulnerability stems from an invalid...