CVE-2021-29610

TensorFlow is an end-to-end open source platform for machine learning. The validation in tf.rawops.QuantizeAndDequantizeV2 allows invalid values for axis argument:. The...

CVE-2021-29544

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.QuantizeAndDequantizeV4Grad. This is because the implementation does not validate the rank of the input tensors. In turn, this results in the tensors...

CVE-2021-29553

TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in tf.rawops.QuantizeAndDequantizeV3. This is because the...

PT-2021-18361 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier Description: The validation in tf.raw...

Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is an end-to-end open source machine learning platform. A heap out-of-bounds read vulnerability exists in Google TensorFlow. An attacker can exploit the vulnerability to read data outside the boundaries of the heap allocation buffer in "tf.raw\u ops.QuantizeAndDequantizeV3"...

TensorFlow 代码问题漏洞

Google TensorFlow is an end-to-end open source machine learning platform. A denial of service vulnerability exists in Google TensorFlow QuantizeAndDequantizeV4Grad. An attacker can exploit this vulnerability to cause a CHECK-failure denial of service...

PT-2021-18304 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier Description: An attacker can read data outside of bound...

PT-2021-18295 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions 2.4.2 through 2.4.x and versions prior to 2.5.0 Description: An attacker can trigger a denial of service via a CHECK-fail in tf.raw ops.QuantizeAndDequantizeV4Grad. This is because the implementation does not validate the...

Google TensorFlow缓冲区错误漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow versions 2.4.2, 2.3.3, 2.2.3, and 2.1.4, which stems from tf.rawops.QuantizeAndDequantizeV2 allows invalid values for the axis parameter:. No...

CVE-2020-27754

In IntensityCompare of /magick/quantize.c, there are calls to PixelPacketIntensity which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity function, which forces the pixel...

ImageMagick Studio ImageMagick 输入验证错误漏洞

ImageMagick is a suite of open source image processing software. The software can read, convert or write images in a variety of formats. ImageMagick suffers from a security vulnerability, which stems from IntensityCompare of /magick/quantize.c, where a call to PixelPacketIntensity returns an...

Denial Of Service (DoS)

ImageMagick is vulnerable to denial of service DoS. The vulnerability exists as there are out of range of representable values of type float at MagickCore/quantize.c...

CVE-2020-27759

In IntensityCompare of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type int to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat...

PYSEC-2020-330

In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantizeanddequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dimsize only does a DCHECK to validate the argument and th...

PYSEC-2020-138

In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantizeanddequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dimsize only does a DCHECK to validate the argument and th...

PYSEC-2020-295

In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantizeanddequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dimsize only does a DCHECK to validate the argument and th...

CVE-2020-15265

In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantizeanddequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dimsize only does a DCHECK to validate the argument and th...

PT-2020-14325 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.4.0 Description: The issue allows an attacker to pass an invalid axis value to tf.quantization.quantize and dequantize, resulting in accessing a dimension outside the rank of the input tensor in the C++ kernel...

CVE-2019-11598

In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c...

UBUNTU-CVE-2018-11625

In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file...