
591 matches found

Github Security Blog
added 2021/05/21 2:28 p.m. | 51 views

Heap buffer overflow in `BandedTriangularSolve`

Impact An attacker can trigger a heap buffer overflow in Eigen implementation of tf.rawops.BandedTriangularSolve: python import tensorflow as tf import numpy as np matrixarray = np.array matrixtensor = tf.converttotensornp.reshapematrixarray,0,1,dtype=tf.float32 rhsarray = np.array1,1 rhstensor =...

7.8 CVSS | 2.5 AI score | 0.00026 EPSS
Exploits: 1 | References: 8 | Affected Software: 3
Github Security Blog
added 2021/05/21 2:28 p.m. | 46 views

Incomplete validation in `SparseReshape`

Impact Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. python import tensorflow as tf inputindices = tf.constant41, shape=1, 1, dtype=tf.int64 inputshape = tf.zeros11, dtype=tf.int64 newshape = tf.zeros1, dtype=tf.int64...

5.5 CVSS | 3.5 AI score | 0.00009 EPSS
Exploits: 1 | References: 7 | Affected Software: 3
Github Security Blog
added 2021/05/21 2:28 p.m. | 40 views

Heap OOB write in TFLite

Impact A specially crafted TFLite model could trigger an OOB write on heap in the TFLite implementation of ArgMin/ArgMax: cc TfLiteIntArray outputdims = TfLiteIntArrayCreateNumDimensionsinput - 1; int j = 0; for int i = 0; i dataj = SizeOfDimensioninput, i; ++j; If axisvalue is not a value betwee...

7.8 CVSS | 1.2 AI score | 0.00011 EPSS
Exploits: 1 | References: 8 | Affected Software: 3
Github Security Blog
added 2021/05/21 2:28 p.m. | 40 views

Division by zero in TFLite's implementation of `OneHot`

Impact The implementation of the OneHot TFLite operator is vulnerable to a division by zero error: cc int prefixdimsize = 1; for int i = 0; i dims-datai; const int suffixdimsize = NumElementsopcontext.indices / prefixdimsize; An attacker can craft a model such that at least one of the dimensions ...

7.8 CVSS | 2.4 AI score | 0.00011 EPSS
Exploits: 1 | References: 8 | Affected Software: 3
Github Security Blog
added 2021/05/21 2:28 p.m. | 46 views

Division by zero in TFLite's implementation of Split

Impact The implementation of the Split TFLite operator is vulnerable to a division by zero error: cc TFLITEENSUREMSGcontext, inputsize % numsplits == 0, "Not an even split"; const int slicesize = inputsize / numsplits; An attacker can craft a model such that numsplits would be 0. Patches We have...

7.8 CVSS | 2.7 AI score | 0.00032 EPSS
Exploits: 1 | References: 8 | Affected Software: 3
Github Security Blog
added 2021/05/21 2:26 p.m. | 32 views

Null pointer dereference in TFLite's `Reshape` operator

Impact The fix for CVE-2020-15209 missed the case when the target shape of Reshape operator is given by the elements of a 1-D tensor. As such, the fix for the vulnerability allowed passing a null-buffer-backed tensor with a 1D shape: cc if tensor-data.raw == nullptr && tensor-bytes 0 if...

7.8 CVSS | 0.6 AI score | 0.00357 EPSS
Exploits: 2 | References: 8 | Affected Software: 3
Github Security Blog
added 2021/05/21 2:26 p.m. | 35 views

Heap OOB read in `tf.raw_ops.Dequantize`

Impact Due to lack of validation in tf.rawops.Dequantize, an attacker can trigger a read from outside of bounds of heap allocated data: python import tensorflow as tf inputtensor=tf.constant 75, 75, 75, 75, -6, -9, -10, -10, -10, -10, -10, -10, -10, -10, -10, -10,\ -10, -10, -10, -10, -10, -10,...

7.1 CVSS | 0.9 AI score | 0.00011 EPSS
Exploits: 1 | References: 7 | Affected Software: 3
Github Security Blog
added 2021/05/21 2:26 p.m. | 30 views

Division by 0 in `MaxPoolGradWithArgmax`

Impact The implementation of tf.rawops.MaxPoolGradWithArgmax is vulnerable to a division by 0: python import tensorflow as tf input = tf.constant, shape=0, 0, 0, 0, dtype=tf.float32 grad = tf.constant, shape=0, 0, 0, 0, dtype=tf.float32 argmax = tf.constant, shape=0, dtype=tf.int64 ksize = 1, 1, ...

5.5 CVSS | 2.4 AI score | 0.00009 EPSS
Exploits: 1 | References: 7 | Affected Software: 3
Github Security Blog
added 2021/05/21 2:25 p.m. | 34 views

Memory corruption in `DrawBoundingBoxesV2`

Impact The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs: python import tensorflow as tf images = tf.fill10, 96, 0, 1, 0. boxes = tf.fill10, 53, 0, 0. colors = tf.fill0, 1, 0...

7.8 CVSS | 1.1 AI score | 0.00017 EPSS
Exploits: 1 | References: 7 | Affected Software: 3
Github Security Blog
added 2021/05/21 2:25 p.m. | 34 views

Null pointer dereference in `SparseFillEmptyRows`

Impact An attacker can trigger a null pointer dereference in the implementation of tf.rawops.SparseFillEmptyRows: python import tensorflow as tf indices = tf.constant, shape=0, 0, dtype=tf.int64 values = tf.constant, shape=0, dtype=tf.int64 denseshape = tf.constant, shape=0, dtype=tf.int64...

5.5 CVSS | 2 AI score | 0.00038 EPSS
Exploits: 1 | References: 7 | Affected Software: 3
Github Security Blog
added 2021/05/21 2:25 p.m. | 35 views

Null pointer dereference in `EditDistance`

Impact An attacker can trigger a null pointer dereference in the implementation of tf.rawops.EditDistance: python import tensorflow as tf hypothesisindices = tf.constant247, 247, 247, shape=1, 3, dtype=tf.int64 hypothesisvalues = tf.constant-9.9999, shape=1, dtype=tf.float32 hypothesisshape =...

5.5 CVSS | 1.7 AI score | 0.00009 EPSS
Exploits: 1 | References: 7 | Affected Software: 3
Github Security Blog
added 2021/05/21 2:25 p.m. | 30 views

CHECK-fail in `tf.raw_ops.IRFFT`

Impact An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.rawops.IRFFT: python import tensorflow as tf values = -10.0 130 values0 = -9.999999999999995 inputs = tf.constantvalues, shape=10, 13, dtype=tf.float32 inputs = tf.castinputs,...

5.5 CVSS | 2.5 AI score | 0.00009 EPSS
Exploits: 1 | References: 7 | Affected Software: 3
Github Security Blog
added 2021/05/21 2:24 p.m. | 25 views

Division by 0 in `SparseMatMul`

Impact An attacker can cause a denial of service via a FPE runtime error in tf.rawops.SparseMatMul: python import tensorflow as tf a = tf.constant100.0, 100.0, 100.0, 100.0, shape=2, 2, dtype=tf.float32 b = tf.constant, shape=0, 2, dtype=tf.float32 tf.rawops.SparseMatMul a=a, b=b, transposea=True...

5.5 CVSS | 4.1 AI score | 0.00009 EPSS
Exploits: 1 | References: 7 | Affected Software: 3
Github Security Blog
added 2021/05/21 2:23 p.m. | 34 views

Division by 0 in `FusedBatchNorm`

Impact An attacker can cause a denial of service via a FPE runtime error in tf.rawops.FusedBatchNorm: python import tensorflow as tf x = tf.constant, shape=1, 1, 1, 0, dtype=tf.float32 scale = tf.constant, shape=0, dtype=tf.float32 offset = tf.constant, shape=0, dtype=tf.float32 mean = tf.constan...

5.5 CVSS | 2.3 AI score | 0.00009 EPSS
Exploits: 1 | References: 7 | Affected Software: 3
Github Security Blog
added 2021/05/21 2:23 p.m. | 29 views

OOB read in `MatrixTriangularSolve`

Impact The implementation of MatrixTriangularSolve fails to terminate kernel execution if one validation condition fails: cc void ValidateInputTensorsOpKernelContext ctx, const Tensor& in0, const Tensor& in1 override OPREQUIRES ctx, in0.dims = 2, errors::InvalidArgument"In0 ndims must be = 2: ",...

5.5 CVSS | 3.6 AI score | 0.00011 EPSS
Exploits: 1 | References: 7 | Affected Software: 3
Github Security Blog
added 2021/05/21 2:23 p.m. | 24 views

CHECK-fail in `CTCGreedyDecoder`

Impact An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.CTCGreedyDecoder: python import tensorflow as tf inputs = tf.constant, shape=18, 2, 0, dtype=tf.float32 sequencelength = tf.constant-100, 17, shape=2, dtype=tf.int32 mergerepeated = False...

5.5 CVSS | 3 AI score | 0.00009 EPSS
Exploits: 1 | References: 7 | Affected Software: 3
Github Security Blog
added 2021/05/21 2:23 p.m. | 28 views

Null pointer dereference in `StringNGrams`

Impact An attacker can trigger a dereference of a null pointer in tf.rawops.StringNGrams: python import tensorflow as tf data=tf.constant'' 11, shape=11, dtype=tf.string splits = 0115 splits.append3 datasplits=tf.constantsplits, shape=116, dtype=tf.int64 tf.rawops.StringNGramsdata=data,...

5.5 CVSS | 1.6 AI score | 0.00009 EPSS
Exploits: 1 | References: 7 | Affected Software: 3
Github Security Blog
added 2021/05/21 2:23 p.m. | 22 views

Heap buffer overflow in `Conv2DBackpropFilter`

Impact An attacker can cause a heap buffer overflow to occur in Conv2DBackpropFilter: python import tensorflow as tf inputtensor = tf.constant386.078431372549, 386.07843139643234, shape=1, 1, 1, 2, dtype=tf.float32 filtersizes = tf.constant1, 1, 1, 1, shape=4, dtype=tf.int32 outbackprop =...

7.8 CVSS | 1.3 AI score | 0.00031 EPSS
Exploits: 1 | References: 7 | Affected Software: 3
Github Security Blog
added 2021/05/21 2:22 p.m. | 31 views

Heap buffer overflow in `QuantizedReshape`

Impact An attacker can cause a heap buffer overflow in QuantizedReshape by passing in invalid thresholds for the quantization: python import tensorflow as tf tensor = tf.constant, dtype=tf.qint32 shape = tf.constant, dtype=tf.int32 inputmin = tf.constant, dtype=tf.float32 inputmax = tf.constant,...

7.8 CVSS | 1.2 AI score | 0.00012 EPSS
Exploits: 1 | References: 7 | Affected Software: 3
Github Security Blog
added 2021/05/21 2:22 p.m. | 26 views

Heap buffer overflow in `QuantizedMul`

Impact An attacker can cause a heap buffer overflow in QuantizedMul by passing in invalid thresholds for the quantization: python import tensorflow as tf x = tf.constant256, 328, shape=1, 2, dtype=tf.quint8 y = tf.constant256, 328, shape=1, 2, dtype=tf.quint8 minx = tf.constant, dtype=tf.float32...

7.8 CVSS | 0.9 AI score | 0.00012 EPSS
Exploits: 1 | References: 7 | Affected Software: 3