Lucene search
+L

404 matches found

Cvelist
Cvelist
added 2022/11/18 12:0 a.m.54 views

CVE-2022-41897 `FractionalMaxPoolGrad` Heap out of bounds read in Tensorflow

TensorFlow is an open source platform for machine learning. If FractionMaxPoolGrad is given outsize inputs rowpoolingsequence and colpoolingsequence, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow...

4.8CVSS7.7AI score0.0044EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/11/18 12:0 a.m.35 views

CVE-2022-41896 `tf.raw_ops.Mfcc` crashes in Tensorflow

TensorFlow is an open source platform for machine learning. If ThreadUnsafeUnigramCandidateSampler is given input filterbankchannelcount greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be...

4.8CVSS7.7AI score0.0044EPSS
Exploits1References3
OSV
OSV
added 2022/11/18 12:0 a.m.33 views

CVE-2022-41898 `CHECK` fail via inputs in `SparseFillEmptyRowsGrad` in Tensorflow

TensorFlow is an open source platform for machine learning. If SparseFillEmptyRowsGrad is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commi...

4.8CVSS7.8AI score0.0044EPSS
Exploits1References5
OSV
OSV
added 2022/11/18 12:0 a.m.28 views

CVE-2022-41883 Out of bounds segmentation fault due to unequal op inputs in Tensorflow

TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We...

6.8CVSS7.7AI score0.0035EPSS
Exploits1References6
OSV
OSV
added 2022/11/18 12:0 a.m.22 views

CVE-2022-41886 Overflow in `ImageProjectiveTransformV2` in Tensorflow

TensorFlow is an open source platform for machine learning. When tf.rawops.ImageProjectiveTransformV2 is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also...

4.8CVSS7.7AI score0.0043EPSS
Exploits1References5
OSV
OSV
added 2022/11/18 12:0 a.m.23 views

CVE-2022-41885 Overflow in `FusedResizeAndPadConv2D` in Tensorflow

TensorFlow is an open source platform for machine learning. When tf.rawops.FusedResizeAndPadConv2D is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick...

4.8CVSS7.5AI score0.0043EPSS
Exploits1References5
OSV
OSV
added 2022/11/18 12:0 a.m.23 views

CVE-2022-41909 Segfault in `CompositeTensorVariantToComponents` in Tensorflow

TensorFlow is an open source platform for machine learning. An input encoded that is not a valid CompositeTensorVariant tensor will trigger a segfault in tf.rawops.CompositeTensorVariantToComponents. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and...

4.8CVSS7.8AI score0.0049EPSS
Exploits1References6
OSV
OSV
added 2022/11/18 12:0 a.m.25 views

CVE-2022-41889 Segfault via invalid attributes in `pywrap_tfe_src.cc` in Tensorflow

TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a nullptr, which is not caught. An example can be seen in tf.compat.v1.extractvolumepatches by passing in quantized tensors...

5.5CVSS7.8AI score0.00404EPSS
Exploits1References5
NVD
NVD
added 2022/09/16 11:15 p.m.32 views

CVE-2022-36027

TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450. The fix will be...

7.5CVSS0.00619EPSS
Exploits1References3
NVD
NVD
added 2022/09/16 11:15 p.m.33 views

CVE-2022-36013

TensorFlow is an open source platform for machine learning. When mlir::tfg::GraphDefImporter::ConvertNodeDef tries to convert NodeDefs without an op name, it crashes. We have patched the issue in GitHub commit a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in TensorFlow 2.10.0...

7.5CVSS0.00567EPSS
Exploits0References3
NVD
NVD
added 2022/09/16 11:15 p.m.15 views

CVE-2022-36011

TensorFlow is an open source platform for machine learning. When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit 1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b. The fix will be included in...

7.5CVSS0.00411EPSS
Exploits0References2
NVD
NVD
added 2022/09/16 11:15 p.m.62 views

CVE-2022-36012

TensorFlow is an open source platform for machine learning. When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it crashes. We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. The fix will be included in TensorFlow 2.10.0. We wi...

7.5CVSS0.00567EPSS
Exploits0References3
NVD
NVD
added 2022/09/16 11:15 p.m.48 views

CVE-2022-36000

TensorFlow is an open source platform for machine learning. When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit aed36912609fc07229b4d0a7b44f3f48efc00fd0. The fix will be included in...

7.5CVSS0.00411EPSS
Exploits0References2
NVD
NVD
added 2022/09/16 11:15 p.m.40 views

CVE-2022-35998

TensorFlow is an open source platform for machine learning. If EmptyTensorList receives an input elementshape with more than one dimension, it gives a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS0.0042EPSS
Exploits0References2
NVD
NVD
added 2022/09/16 11:15 p.m.53 views

CVE-2022-35997

TensorFlow is an open source platform for machine learning. If tf.sparse.cross receives an input separator that is not a scalar, it gives a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 83dcb4dbfa094e33db084e97c4d0531a559e0ebf. The f...

7.5CVSS0.0042EPSS
Exploits0References2
Prion
Prion
added 2022/09/16 11:15 p.m.23 views

Stack overflow

TensorFlow is an open source platform for machine learning. When DrawBoundingBoxes receives an input boxes that is not of dtype float, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit da0d65cdc1270038e72157ba35bf74b85d9bda11. The fix wi...

5CVSS7.5AI score0.00411EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/09/16 11:15 p.m.19 views

Stack overflow

TensorFlow is an open source platform for machine learning. When tensorflow::fulltype::SubstituteFromAttrs receives a FullTypeDef& t that is not exactly three args, it triggers a CHECK-fail instead of returning a status. We have patched the issue in GitHub commit...

5CVSS7.6AI score0.00567EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/09/16 11:15 p.m.13 views

Stack overflow

TensorFlow is an open source platform for machine learning. When mlir::tfg::TFOp::nameAttr receives null type list attributes, it crashes. We have patched the issue in GitHub commits 3a754740d5414e362512ee981eefba41561a63a6 and a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in...

5CVSS7.7AI score0.0058EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2022/09/16 10:55 p.m.49 views

CVE-2022-36015 Integer overflow in math ops in TensorFlow

TensorFlow is an open source platform for machine learning. When RangeSize receives values that do not fit into an int64t, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this...

5.9CVSS7.8AI score0.00567EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/09/16 10:55 p.m.59 views

CVE-2022-36012 Assertion fail on MLIR empty edge names in TensorFlow

TensorFlow is an open source platform for machine learning. When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it crashes. We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. The fix will be included in TensorFlow 2.10.0. We wi...

5.9CVSS7.8AI score0.00567EPSS
Exploits0References3
Rows per page
Query Builder