6 matches found
CVE-2026-41667
Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes. Affected version is prior to commit 1.30.0...
CVE-2026-41667
Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes. Affected version is prior to commit 1.30.0...
MLX has Wild Pointer Dereference in load_gguf()
Summary Segmentation fault in mlx::core::loadgguf when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. Environment: - OS: Ubuntu 20.04.6 LTS - Compiler: Clang 19.1.7 Vulnerability Location: mlx/io/gguf.cp...
SUSE CVE-2022-29210
TensorFlow is an open source platform for machine learning. In version 2.8.0, the TensorKey hash function used total estimated AllocatedBytes, which a is an estimate per tensor, and b is a very poor hash function for constants e.g. int32t. It also tried to access individual tensor bytes through...
PT-2022-19463 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow version 2.8.0 Description: The issue arises from the TensorKey hash function using total estimated AllocatedBytes, which is an estimate per tensor and a poor hash function for constants, such as int32 t. It also attempts to access...
PYSEC-2021-792
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is vulnerable to a null pointer error. The GetVariableInput function can return a null pointer but GetTensorData assumes that the argument is always a valid tensor...