X-TRACK security vulnerabilities

X-TRACK is a GPS cycling speedometer developed by VIFEX personal developers, which supports offline maps and track recording. X-TRACK versions 2.7 and earlier had security vulnerabilities, stemming from buffer copying operations in the inflate.C program file, which allowed out-of-bounds writes an...

CVE-2022-35969

TensorFlow is an open source platform for machine learning. The implementation of Conv2DBackpropInput requires inputsizes to be 4-dimensional. Otherwise, it gives a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

Allocation of Resources Without Limits or Throttling

Overview nlsq is a GPU/TPU accelerated nonlinear least-squares curve fitting using JAX Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to missing input size validation for arrays and Jacobians. An attacker can cause memory exhaustion by...

EUVD-2022-7448

Malicious code in bioql PyPI...

DEBIAN-CVE-2023-53156

The transpose crate before 0.2.3 for Rust allows an integer overflow via inputwidth and inputheight arguments...

CVE-2022-41883

TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We...

PT-2025-30806

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue where a warning is triggered on invalid firmware input within the ath6kl module. This warning does not provide useful information and is a frequent...

BIT-TENSORFLOW-2022-41883 Out of bounds segmentation fault due to unequal op inputs in Tensorflow

TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We...

CVE-2023-34454

A flaw was found in Snappy-java's shuffle function, which does not check input sizes before beginning operations. This issue could allow an attacker to send malicious input to trigger an overflow error that crashes the program, resulting in a denial of service...

CVE-2023-34453

A flaw was found in Snappy-java's shuffle function, which does not check input sizes before beginning operations. This issue could allow an attacker to send malicious input to trigger an overflow error that crashes the program, resulting in a denial of service...

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds in DynamicStitch due to missing validation when it receives a differing number of inputs, such as when it is called with an indices size 1 and a data size 2. Remediation Upgrade tensorflow-lite to version 2.12.0 or higher...

CVE-2022-41883

TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We...

Stack overflow

TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We...

PT-2022-26114 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11 TensorFlow version 2.10.1 TensorFlow version 2.9.3 TensorFlow version 2.8.4 Description: The issue occurs when ops with specified input sizes receive a differing number of inputs, causing the executor to cras...

CVE-2022-41883

TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We...

CVE-2022-41883 Out of bounds segmentation fault due to unequal op inputs in Tensorflow

TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We...

PYSEC-2021-281

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting e.g., gradients of binary cwise operations. The implementatio...

GHSA-C968-PQ7H-7FXV Division by 0 in `Conv3DBackprop*`

Impact The tf.rawops.Conv3DBackprop operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0: python import tensorflow as tf inputsizes = tf.constant0, 0, 0, 0, 0, shape=5, dtype=tf.int32 filtertensor = tf.constant, shape=0, 0, 0, 1, 0,...