147 matches found
CVE-2021-37665
TensorFlow is an end-to-end open source platform for machine learning. In affected versions, due to incomplete validation in the MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...
PT-2021-21801 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0; TensorFlow versions 2.5.1 and earlier; TensorFlow versions 2.4.3 and earlier; TensorFlow versions 2.3.4 and earlier. Description: The issue affects all TFLite operations that use quantization, allowing them to...
GHSA-M34J-P8RJ-WJXQ Division by 0 in `QuantizedBiasAdd`
Impact: An attacker can trigger an integer division by zero undefined behavior in `tf.raw_ops.QuantizedBiasAdd`: `import tensorflow as tf; input_tensor = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.quint8); bias = tf.constant([], shape=[0], dtype=tf.quint8); min_input = tf.constant(-10.0, dtype=tf.float32)`...
CVE-2021-29537
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedResizeBilinear by passing in invalid thresholds for the quantization. This is because the...
CVE-2021-29535
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedMul by passing in invalid thresholds for the quantization. This is because the...
CVE-2021-29535 Heap buffer overflow in `QuantizedMul`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedMul by passing in invalid thresholds for the quantization. This is because the...
CVE-2021-29536 Heap buffer overflow in `QuantizedReshape`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedReshape by passing in invalid thresholds for the quantization. This is because the...
CVE-2021-29537 Heap buffer overflow in `QuantizedResizeBilinear`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedResizeBilinear by passing in invalid thresholds for the quantization. This is because the...
CVE-2021-29546
CVE-2021-29546 concerns TensorFlow’s QuantizedBiasAdd. The issue arises from the Eigen kernel implementation in quantization_utils.h, which divides by the number of elements of the smaller input without guarding against zero, causing integer division by zero undefined behavior. Public details in ...
PT-2021-18288 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0; TensorFlow versions 2.4.2 and earlier; TensorFlow versions 2.3.3 and earlier; TensorFlow versions 2.2.3 and earlier; TensorFlow versions 2.1.4 and earlier. Description: An attacker can cause a heap buffer overfl...
Leptonica Heap Buffer Overflow Vulnerability
Leptonica is an open source library containing software widely used in image processing and image analysis applications. A heap buffer overflow vulnerability exists in pixFewColorsOctcubeQuantMixed in colorquant1.c in versions of Leptonica prior to 1.80.0. No detailed vulnerability details are...
Dan Bloomberg Leptonica Buffer Error Vulnerability
Leptonica is an open source library containing software widely used in image processing and image analysis applications. A heap buffer overflow vulnerability exists in pixFewColorsOctcubeQuantMixed in colorquant1.c in versions of Leptonica prior to 1.80.0. No detailed vulnerability details are...
Segfault in `tf.quantization.quantize_and_dequantize`
Impact: An attacker can pass an invalid axis value to `tf.quantization.quantize_and_dequantize`: `tf.quantization.quantize_and_dequantize(input=[2.5, 2.5], input_min=[0,0], input_max=[1,1], axis=10)`. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation:...
Google TensorFlow Buffer Overflow Vulnerability (CNVD-2020-62802)
Google TensorFlow is an end-to-end open source platform for machine learning from Google (USA). A security vulnerability exists in TensorFlow versions prior to 2.4.0, which can be exploited by an attacker to pass an invalid axis value to `tf.quantization.quantize_and_dequantize`...
UBUNTU-CVE-2020-6624
jhead through 3.04 has a heap-based buffer over-read in processDQT in jpgqguess.c...
PT-2020-19191 · Mats Peterson +5 · Jhead +5
Name of the Vulnerable Software and Affected Versions: jhead versions 3.04 and earlier. Description: The issue is a heap-based buffer over-read in the processDQT function located in jpgqguess.c. This occurs in the processing of certain data. Recommendations: For versions 3.04 and earlier, at the...
IrfanView User Mode Write Access Conflict Vulnerability (CNVD-2019-36931)
IrfanView is an image viewer by Irfan Skiljan, a software developer in Bosnia and Herzegovina, that supports image browsing, image editing, image format conversion and more. IrfanView 4.53 suffers from a user-mode write access conflict vulnerability. An attacker can exploit this vulnerability to read...
OpenExif Denial of Service Vulnerability
OpenExif is an object-oriented library for accessing JPEG image files in Exif format. A denial of service vulnerability exists in ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif, which could allow a remote attacker to cause a denial of service through a stack buffer over-read and application...
Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64
CVE-2009-2409: deprecate MD2 in SSL cert validation (Kaminsky); CVE-2009-3873: OpenJDK JPEG Image Writer quantization problem (6862968); CVE-2009-3875: OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503); CVE-2009-3876: OpenJDK ASN.1/DER input stream parser denial of service (68649...
XnView JPEG2000 Plugin Buffer Overflow Vulnerability (Windows)
This host has XnView installed and is prone to a buffer overflow vulnerability. Vulnerabilities Insight: The flaw is due to an error in the JPEG2000 plugin in Xjp2.dll, when processing a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. OpenVAS Vulnerabilities Test $Id:...