SUSE CVE-2022-29201

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.QuantizedConv2D does not fully validate the input arguments. In this case, references get bound to nullptr for each argument that is empty. Versions 2.9.0,...

Google TensorFlow 安全漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow, which stems from a reference kernel for the CONV3DTRANSPOSE TensorFlow Lite operator that incorrectly adds dataptr when adding bias to results...

CVE-2022-41885

TensorFlow is an open source platform for machine learning. When tf.rawops.FusedResizeAndPadConv2D is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick...

CVE-2022-41894

TensorFlow is an open source platform for machine learning. The reference kernel of the CONV3DTRANSPOSE TensorFlow Lite operator wrongly increments the dataptr when adding the bias to the result. Instead of dataptr += numchannels; it should be dataptr += outputnumchannels; as if the number of inp...

GHSA-Q5JV-M6QW-5G37 TensorFlow vulnerable to floating point exception in `Conv2D`

Impact If Conv2D is given empty input and the filter and padding sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. python import tensorflow as tf import numpy as np with tf.device"CPU": also can...

GHSA-79H2-Q768-FPXR TensorFlow segfault TFLite converter on per-channel quantized transposed convolutions

Impact When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. python import tensorflow as tf class QuantConv2DTransposedtf.keras.layers.Layer: def buildself, inputshape: self.kernel = self.addweight"kernel", 3, 3,...

Google TensorFlow 输入验证错误漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google Inc. in the United States. Google TensorFlow suffers from an input validation error vulnerability that stems from a segmentation error in the converter and crashes the Python process when using a...

PT-2022-23097 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.0 through 2.9.0 TensorFlow versions 2.8.0 through 2.8.0 TensorFlow versions 2.7.0 through 2.7.1 Description: The issue occurs when Conv2DBackpropInput receives empty out backprop...

Huawei MindSpore Community 数字错误漏洞

Huawei MindSpore Community is an open source deep learning framework from Huawei, China. A security vulnerability exists in Huawei MindSpore Community DepthwiseConv2D, which results in a divide by 0 exception when the attribute depthmultiplier is zero...

GHSA-PQHM-4WVF-2JG8 Missing validation results in undefined behavior in `QuantizedConv2D`

Impact The implementation of tf.rawops.QuantizedConv2D does not fully validate the input arguments: python import tensorflow as tf input = tf.constant1, shape=1, 2, 3, 3, dtype=tf.quint8 filter = tf.constant1, shape=1, 2, 3, 3, dtype=tf.quint8 bad args mininput = tf.constant, shape=0,...

PT-2022-19448 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.9.0 TensorFlow versions prior to 2.8.1 TensorFlow versions prior to 2.7.2 TensorFlow versions prior to 2.6.4 Description: The implementation of tf.raw ops.Conv3DBackpropFilterV2 does not fully validate the input...

Google TensorFlow numeric error vulnerability (CNVD-2022-14993)

TensorFlow is an end-to-end open source platform for machine learning from Google. Google TensorFlow is vulnerable to a numerical error that results from the fact that the cost estimator of certain convolution operations can be used to perform an operation divided by zero, and the function fails ...

Division by zero in Tensorflow

Impact The estimator for the cost of some convolution operations can be made to execute a division by 0: python import tensorflow as tf @tf.function def test: y=tf.rawops.AvgPoolGrad originputshape=1,1,1,1, grad=1.0,1.0,1.0,2.0,2.0,2.0,3.0,3.0,3.0, ksize=1,1,1,1, strides=1,1,1,0, padding='VALID',...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists due to a lack of sanitization on the division operation in the convolution parameters allowing an attacker to crash the system via a maliciously crafted TFLite model...

CVE-2022-21741

Tensorflow is an Open Source Machine Learning Framework. Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to...

Stack overflow

Tensorflow is an Open Source Machine Learning Framework. Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to...

PYSEC-2022-120

Tensorflow is an Open Source Machine Learning Framework. Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to...

PYSEC-2022-120

Tensorflow is an Open Source Machine Learning Framework. Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to...

PYSEC-2022-65

Tensorflow is an Open Source Machine Learning Framework. Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to...

CVE-2022-21741

TensorFlow’s CVE-2022-21741 affects TFLite depthwise convolutions where a division by zero can occur due to user-controlled convolution parameters and no positivity check before division. The issue enables a potential denial of service via crafted models. The fix is planned for TensorFlow 2.8.0, ...