CVE-2026-42627

In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...

DEBIAN-CVE-2026-42627

In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...

CVE-2026-42627

In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...

CVE-2026-42627

In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...

CVE-2026-42627

Arm NN contains a vulnerability up to version 2026-03-27 where an integer overflow in TensorShape::GetNumElements() (armnn/Tensor.cpp) allows a crafted TFLite model to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multi...

SUSE CVE-2022-35963

TensorFlow is an open source platform for machine learning. The implementation of FractionalAvgPoolGrad does not fully validate the input originputtensorshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the...

SUSE CVE-2022-35959

TensorFlow is an open source platform for machine learning. The implementation of AvgPool3DGradOp does not fully validate the input originputshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in...

GHSA-WXJJ-CGCX-R3VQ TensorFlow vulnerable to `CHECK` failures in `AvgPool3DGrad`

Impact The implementation of AvgPool3DGradOp does not fully validate the input originputshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack: python import tensorflow as tf ksize = 1, 1, 1, 1, 1 strides = 1, 1, 1, 1, 1 padding ...

CVE-2022-35959

TensorFlow is an open source platform for machine learning. The implementation of AvgPool3DGradOp does not fully validate the input originputshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in...

PT-2022-23058 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The implementation of AvgPool3DGradOp does not fully validate the input orig...

GHSA-PRCG-WP5Q-RV7P Crashes due to overflow and `CHECK`-fail in ops with large tensor shapes

Impact TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64t. If an overflow occurs, MultiplyWithoutOverflow would return a negative result. In the majority of...

GHSA-2CPX-427X-Q2C6 CHECK-fail in AddManySparseToTensorsMap

Impact An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.AddManySparseToTensorsMap: python import tensorflow as tf import numpy as np sparseindices = tf.constant530, shape=1, 1, dtype=tf.int64 sparsevalues = tf.ones1, dtype=tf.int64 shape = tf.Variabletf.ones55,...

PT-2021-18274 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow version 2.4.2 TensorFlow version 2.3.3 TensorFlow version 2.2.3 TensorFlow version 2.1.4 Description: An attacker can trigger a denial of service via a CHECK-fail in tf.raw...

PT-2021-18285 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier Description: An attacker can trigger a denial of servic...

UBUNTU-CVE-2019-20788

libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690...