Heap Buffer Overflow

tensorflow is vulnerable to heap buffer overflow. Failure to ensure that only operators which accept optional inputs use the -1 special value and only for the tensors that they expect to be optional allows an attacker to write and read from outside the bounds of heap allocated arrays...

CVE-2020-15211

In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indice...

CVE-2020-15211

CVE-2020-15211 : In TensorFlow Lite (before 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1), a negative -1 tensor index used for optional inputs can be treated as a valid index during validation, allowing out-of-bounds reads/writes in some operators. The root cause is the double indexing scheme for tensors i...

GHSA-CVPC-8PHH-8F45 Out of bounds access in tensorflow-lite

Impact In TensorFlow Lite, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of...