144 matches found
CVE-2021-29553
TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in tf.raw_ops.QuantizeAndDequantizeV3. This is because the...
TensorFlow Code Issue Vulnerability
Google TensorFlow is an end-to-end open source machine learning platform. A denial of service vulnerability exists in Google TensorFlow QuantizeAndDequantizeV4Grad. An attacker can exploit this vulnerability to cause a CHECK-failure denial of service...
Google TensorFlow Buffer Error Vulnerability
Google TensorFlow is an end-to-end open source machine learning platform. A heap out-of-bounds read vulnerability exists in Google TensorFlow. An attacker can exploit the vulnerability to read data outside the boundaries of the heap allocation buffer in "tf.raw_ops.QuantizeAndDequantizeV3"...
Google TensorFlow Buffer Error Vulnerability
Google TensorFlow is an end-to-end open source machine learning platform. A heap out-of-bounds read vulnerability exists in Google TensorFlow. The vulnerability stems from a lack of validation in tf.raw_ops.Dequantize. No detailed vulnerability details are provided at this time...
Google TensorFlow Buffer Error Vulnerability
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow versions 2.4.2, 2.3.3, 2.2.3, and 2.1.4, which stems from tf.raw_ops.QuantizeAndDequantizeV2 allowing invalid values for the axis parameter. No...
PT-2021-18295 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions 2.4.2 through 2.4.x and versions prior to 2.5.0 Description: An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.QuantizeAndDequantizeV4Grad. This is because the implementation does not validate the...
PT-2021-18361 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier Description: The validation in tf.raw...
PT-2021-18333 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier Description: Due to lack of validation in tf.raw...
PT-2021-18304 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier Description: An attacker can read data outside of bound...
PYSEC-2020-330
In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantize_and_dequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and th...
PYSEC-2020-295
In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantize_and_dequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and th...
PYSEC-2020-138
In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantize_and_dequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and th...
CVE-2020-15265
In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantize_and_dequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and th...
PT-2020-14325 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.4.0 Description: The issue allows an attacker to pass an invalid axis value to tf.quantization.quantize_and_dequantize, resulting in accessing a dimension outside the rank of the input tensor in the C++ kernel...
ffmpeg:ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer: Global-buffer-overflow in dequantize
Project: https://git.ffmpeg.org/ffmpeg.git Detailed Report: https://oss-fuzz.com/testcase?key=5641113058148352 Project: ffmpeg Fuzzing Engine: afl Fuzz Target: ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer Job Type: afl_asan_ffmpeg Platform Id: linux Crash Type: Global-buffer-overflow READ 4 Crash Address:...
ffmpeg/ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer: Global-buffer-overflow in dequantize
Project: https://git.ffmpeg.org/ffmpeg.git Detailed report: https://oss-fuzz.com/testcase?key=5648247961419776 Project: ffmpeg Fuzzer: afl_ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer Fuzz target binary: ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer Job Type: afl_asan_ffmpeg Platform Id: linux Crash Type: Global-buffer-overflow READ ...
DEBIAN-CVE-2018-10778
Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872 and CVE-2017-14409...
MP3Gain mpglibDBL Buffer Overflow Vulnerability
MP3Gain is an MP3 file volume adjustment application. mpglibDBL is one of the MPEG file decoders. A buffer overflow vulnerability exists in the III_dequantize_sample function of the layer3.c file of mpglibDBL in MP3Gain. A remote attacker could exploit this vulnerability to cause a denial of service or...
PT-2017-13452 · Mp3Gain · Mp3Gain +1
Name of the Vulnerable Software and Affected Versions: MP3Gain version 1.5.2 Description: A buffer overflow was discovered in the III_dequantize_sample function in layer3.c in mpglibDBL, which is used in MP3Gain. This issue causes an out-of-bounds write, potentially leading to remote denial of...
LAME III_dequantize_sample function stack buffer overflow vulnerability
LAME is an open source MP3 audio compression software. A stack buffer overflow vulnerability exists in the LAME libmpgdecoder.a/mpglib/layer3.c/III_dequantize_sample function, which allows remote attackers to exploit the vulnerability by submitting a special file that induces the user to parse it,...