GHSA-RCF8-G8JV-VG6P TensorFlow has Floating Point Exception in AvgPoolGrad with XLA

Impact If the stride and window size are not positive for tf.rawops.AvgPoolGrad, it can give an FPE. python import tensorflow as tf import numpy as np @tf.functionjitcompile=True def test: y = tf.rawops.AvgPoolGradoriginputshape=1,0,0,0, grad=0.39117979, ksize=1,0,0,0, strides=1,0,0,0,...

SUSE CVE-2008-2362

Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a 1 SProcRenderCreateLinearGradient, 2 SProcRenderCreateRadialGradient, or 3 SProcRenderCreateConicalGradient request with an invalid field...

SUSE CVE-2011-2619

Opera before 11.50 allows remote attackers to cause a denial of service application crash via a gradient with many stops, related to the implementation of CANVAS elements, SVG, and Cascading Style Sheets CSS...

SUSE CVE-2015-8050

Use-after-free vulnerability in the MovieClip object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before...

SUSE CVE-2016-1637

The SkATan2255 function in effects/gradients/SkSweepGradient.cpp in Skia, as used in Google Chrome before 49.0.2623.75, mishandles arctangent calculations, which allows remote attackers to obtain sensitive information via a crafted web site...

SUSE CVE-2017-5377

A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox 51...

SUSE CVE-2021-29570

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...

SUSE CVE-2022-36005

TensorFlow is an open source platform for machine learning. When tf.quantization.fakequantwithminmaxvarsgradient receives input min or max that is nonscalar, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit...

GHSA-HQ7G-WWWP-Q46H `CHECK` fail via inputs in `SparseFillEmptyRowsGrad`

Impact If SparseFillEmptyRowsGrad is given empty inputs, TensorFlow will crash. python import tensorflow as tf tf.rawops.SparseFillEmptyRowsGrad reverseindexmap=, gradvalues=, name=None Patches We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be...

GHSA-GQ2J-CR96-GVQX `MirrorPadGrad` heap out of bounds read

Impact If MirrorPadGrad is given outsize input paddings, TensorFlow will give a heap OOB error. python import tensorflow as tf tf.rawops.MirrorPadGradinput=1, paddings=0x77f00000,0xa000000, mode = 'REFLECT' Patches We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec9...

GHSA-H7FF-CFC9-WMMH TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannelGradient`

Impact When tf.quantization.fakequantwithminmaxvarsperchannelgradient receives input min or max of rank other than 1, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf arg0=tf.random.uniformshape=1,1, dtype=tf.float32, maxval=None...

CVE-2022-36005

TensorFlow is an open source platform for machine learning. When tf.quantization.fakequantwithminmaxvarsgradient receives input min or max that is nonscalar, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit...

CVE-2022-35990

TensorFlow is an open source platform for machine learning. When tf.quantization.fakequantwithminmaxvarsperchannelgradient receives input min or max of rank other than 1, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit...

Google TensorFlow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google Inc. in the United States. Google TensorFlow suffers from a security vulnerability that stems from the fact that when tf.quantization.fakequantwithminmaxvarsperchannelgradient receives an input min o...

Google TensorFlow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google Inc. in the United States. A security vulnerability exists in Google TensorFlow, which stems from the fact that when tf.quantization.fakequantwithminmaxvarsgradient receives non-scalar inputs min or...

PT-2022-23088 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The issue occurs when tf.quantization.fake quant with min max vars per channel...

PT-2022-23083 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The issue arises when the LRNGrad function is given an output image input tenso...

Malicious code in gradient-stringnnnn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cbc90d7f1ec5dc1c1558900467a2043b34a1473f060fa9855e8963f898c382d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-3439 Malicious code in gradient-stringnnnn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cbc90d7f1ec5dc1c1558900467a2043b34a1473f060fa9855e8963f898c382d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in gradient-stringn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 113c8aa7e58460260ad95b3d81fb9e9e4630315cd65aca4be2e12ba86400a49e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...