4783 matches found
PYSEC-2022-94
Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling png::CommonInitDecode..., , the decode value contains allocated buffers which can only be freed by calling png::CommonFreeDecode. However,...
PYSEC-2022-148
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow 2.8.0. ...
PYSEC-2022-135
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments, if the tensors have an invalid dtype and 0 elements or an invalid shape. This allows...
PYSEC-2022-93
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode&decode gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow...
PYSEC-2022-149
Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling png::CommonInitDecode..., , the decode value contains allocated buffers which can only be freed by calling png::CommonFreeDecode. However,...
CVE-2022-23570 Null-dereference in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a DCHECK. However, DCHECK is a no-op in production builds...
CVE-2022-23570
CVE-2022-23570 concerns TensorFlow, where decoding a tensor from protobuf may trigger a null-dereference when attributes of mutable arguments are missing. The issue is guarded by a DCHECK, which is a no-op in production and triggers an assertion in debug builds, potentially leading to a crash. Th...
CVE-2022-23570 Null-dereference in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a DCHECK. However, DCHECK is a no-op in production builds...
CVE-2022-23564 Reachable Assertion in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow...
CVE-2022-23571
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments, if the tensors have an invalid dtype and 0 elements or an invalid shape. This allows...
CVE-2022-23571 Reachable Assertion in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments, if the tensors have an invalid dtype and 0 elements or an invalid shape. This allows...
CVE-2022-23585 Memory leak in decoding PNG images in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling png::CommonInitDecode..., &decode, the decode value contains allocated buffers which can only be freed by calling...
CVE-2022-23585
CVE-2022-23585 refers to a memory-leak vulnerability in TensorFlow's PNG decoding path. After calling png::CommonInitDecode(..., &decode), allocated buffers may remain if an error path triggers OP_REQUIRES, and are not freed before function termination, creating a potential leak. The issue affect...
CVE-2022-23584 Use after free in `DecodePng` in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode&decode gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow...
CVE-2022-23584
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode&decode gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow...
PT-2022-16080 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.3 TensorFlow versions prior to 2.6.3 TensorFlow versions prior to 2.7.1 TensorFlow versions prior to 2.8.0 Description: When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter...
Google TensorFlow 资源管理错误漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a resource management error vulnerability that can be exploited by an attacker to cause use-after-release behavior when decoding PNG images...
PT-2022-16102 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow version 2.7.1 TensorFlow version 2.6.3 TensorFlow version 2.5.3 Description: When decoding PNG images, TensorFlow can produce a memory leak if the image is invalid. After calling...
PT-2022-16088 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.3 TensorFlow versions prior to 2.6.3 TensorFlow versions prior to 2.7.1 TensorFlow versions prior to 2.8.0 Description: When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a...
CLSA-2022-1643747494 Fix of CVE: CVE-2020-7071, CVE-2020-7068, CVE-2020-7069, CVE-2020-7070, CVE-2021-21702
CVE-2020-7068: php: Use of freed hash key in the pharparsezipfile function - CVE-2020-7069: php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV - CVE-2020-7070: php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server -...