Out-of-bounds Read

tensorflow,tensorflowcpu and tensorflowgpu are vulnerable to Out-of-bounds Read. The vulnerability is caused due to the implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are...

CVE-2022-23568

Tensorflow is an Open Source Machine Learning Framework. The implementation of AddManySparseToTensorsMap is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects so, an assert failure based denial of service. We are missing some validation on the...

CVE-2022-23568

Tensorflow is an Open Source Machine Learning Framework. The implementation of AddManySparseToTensorsMap is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects so, an assert failure based denial of service. We are missing some validation on the...

Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google USA. Google Tensorflow suffers from a buffer overflow vulnerability that stems from the fact that the implementation of FractionalAvgPoolGrad does not account for invalid input tensor, which can be exploited ...

PT-2021-21792 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: An attacker can trigger a denial of service via a segmentation fault in tf.raw...

GHSA-24X6-8C7M-HV3F Heap OOB read in TFLite's implementation of `Minimum` or `Maximum`

Impact The implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because the broadcasting implementation indexes in both tensors with the same index but does not...

PYSEC-2021-472

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.QuantizeAndDequantizeV4Grad. This is because the...

PT-2021-18295 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions 2.4.2 through 2.4.x and versions prior to 2.5.0 Description: An attacker can trigger a denial of service via a CHECK-fail in tf.raw ops.QuantizeAndDequantizeV4Grad. This is because the implementation does not validate the...

PT-2021-18325 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier Description: The implementation of tf.raw...