293 matches found
PYSEC-2026-992 Heap overflow in `QuantizeAndDequantizeV2`
Impact The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. python import tensorflow as tf @tf.function def test:...
PYSEC-2026-976 TensorFlow vulnerable to `CHECK` fail in `QuantizeAndDequantizeV3`
Impact If QuantizeAndDequantizeV3 is given a nonscalar numbits input tensor, it results in a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf signedinput = True rangegiven = False narrowrange = False axis = -1 input = tf.constant-3.5, shape=1,...
PYSEC-2026-1002 Missing validation crashes `QuantizeAndDequantizeV4Grad`
Impact The implementation of tf.rawops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf tf.rawops.QuantizeAndDequantizeV4Grad gradients=tf.constant1,...
PYSEC-2026-549 TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation
Impact Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or RCE. When axis is larger than the dim of input, c-Diminput,axis goes out of bound. Same problem occurs in the QuantizeAndDequantizeV2/V3/V4/V4Gra...
PYSEC-2026-548 TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation
Impact Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or RCE. When axis is larger than the dim of input, c-Diminput,axis goes out of bound. Same problem occurs in the QuantizeAndDequantizeV2/V3/V4/V4Gra...
PYSEC-2026-550 TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation
Impact Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or RCE. When axis is larger than the dim of input, c-Diminput,axis goes out of bound. Same problem occurs in the QuantizeAndDequantizeV2/V3/V4/V4Gra...
Astra Linux – Vulnerability in libpng1.6
LIBPNG is a reference library used in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to version 1.6.55, there was an out-of-bounds read vulnerability in the pngsetquantize API function. When this function is called without a histogram and th...
libpng15 security update
1.5.30-15.1 - fix CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE RHEL-161449 1.5.30-15 - fix CVE-2026-25646: heap buffer overflow in pngsetquantize RHEL-148412...
OSV-2026-868 Use-of-uninitialized-value in vp8_regular_quantize_b_sse4_1
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=520318421 Crash type: Use-of-uninitialized-value Crash state: vp8regularquantizebsse41 macroblockyrd vp8rdpickintramode...
EulerOS Virtualization 2.12.0 : libpng (EulerOS-SA-2026-2104)
According to the versions of the libpng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via pngcreatereadstruct...
Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017766)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017766 advisory. In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c. Tenable has extracted the...
TencentOS Server 2: libpng12 (TSSA-2026:0259)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0259 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
TencentOS Server 3: libpng12 (TSSA-2026:0255)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0255 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CLSA-2026-1777311274 Fix CVE(s): CVE-2026-22801, CVE-2026-25646
SECURITY UPDATE: Heap buffer over-read in pngwriteimage due to truncation of ptrdifft row stride to pnguint16 - debian/patches/CVE-2026-22801.patch: remove incorrect truncation casts from pngwriteimage16bit, pngwriteimage8bit, and pngimagewritemain so large 65535 and negative row strides are...
libpng: LIBPNG has a heap buffer overflow in png_set_quantize
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...
libpng12 security update
1.2.50-10.0.1 - Fix CVE-2026-25646: heap buffer overflow in pngsetquantize Orabug: 39183864...
libpng: LIBPNG has a heap buffer overflow in png_set_quantize
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...
libpng: LIBPNG has a heap buffer overflow in png_set_quantize
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...
Alibaba Cloud Linux 3 : 0074: libpng15 (ALINUX3-SA-2026:0074)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0074 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-25646: LIBPNG is a reference library for u...
Fedora 43 : libpng15 (2026-60fce94678)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-60fce94678 advisory. fix CVE-2026-25646: heap buffer overflow in pngsetquantize Tenable has extracted the preceding description block directly from the Fedora security advisory...