SUSE CVE-2022-36013

TensorFlow is an open source platform for machine learning. When mlir::tfg::GraphDefImporter::ConvertNodeDef tries to convert NodeDefs without an op name, it crashes. We have patched the issue in GitHub commit a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in TensorFlow 2.10.0...

PT-2022-15081 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1, 2.6.3, and 2.5.3 are also affected Description: The implementation of SparseCountSparseOutput in TensorFlow is vulnerable to a heap overflow. This issue can be exploited using the...

PYSEC-2021-235

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the SVDF TFLite operator is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/7f283ff806b2031f407db64c4d3edcda8fb9f9f5/tensorflow/lite/kernels/svdf.ccL99-L102. An attacke...

PYSEC-2021-185

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.QuantizedBatchNormWithGlobalNormalization. This is because the...

CVE-2021-29556

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.Reverse. This is because the...