CVE-2020-15214

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the...

CVE-2020-15205

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the datasplits argument of tf.rawops.StringNGrams lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after ...

CVE-2020-15202

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the Shard API in TensorFlow expects the last argument to be a function taking two int64 i.e., long long arguments. However, there are several places in TensorFlow where a lambda taking int or int32 arguments is being used. In...

CVE-2020-15196

In Tensorflow version 2.3.0, the SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. The check exists for DenseCountSparseOutput, where both tensors are fully specified. In the sparse and ragged count weights a...

CVE-2020-15206

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's SavedModel protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using tensorflow-servin...

CVE-2020-15208

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a DCHECK which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can...

CVE-2024-37057

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’s system when interacted with...

CVE-2023-25668 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25668 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

CVE-2023-25665 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25665 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

CVE-2023-25664 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25664 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

CVE-2023-25672 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25672 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

CVE-2023-25676 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25676 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

CVE-2023-25674 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25674 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

CVE-2023-25671 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25671 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

CVE-2023-25659 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25659 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

CVE-2023-27579 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-27579 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

CVE-2023-25667 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25667 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

CVE-2023-25658 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25658 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

CVE-2023-25666 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25666 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

CVE-2023-25662 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25662 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...