CVE-2025-12343 Ffmpeg: double-free vulnerability in ffmpeg tensorflow dnn backend

A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnnbackendtf.c source file. The issue occurs in the dnnexecutemodeltf function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free conditio...

GPU-Fuzz: Finding Memory Errors in Deep Learning Frameworks

GPU memory errors are a critical threat to deep learning DL frameworks, leading to crashes or even security issues. We introduce GPU-Fuzz, a fuzzer locating these issues efficiently by modeling operator parameters as formal constraints. GPU-Fuzz utilizes a constraint solver to generate test cases...

GHSA-XFHX-R7WW-5995 vulnerabilities

Vulnerabilities for packages: tensorflow-cpu-jupyter, kubeflow-pipelines-visualization-server...

CVE-2026-0897 vulnerabilities

Vulnerabilities for packages: tensorflow-cpu-jupyter, kubeflow-pipelines-visualization-server...

GHSA-XFHX-R7WW-5995 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, tensorflow-cpu-jupyter, tensorflow-gpu-jupyter...

CVE-2026-0897 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, tensorflow-cpu-jupyter, tensorflow-gpu-jupyter...

Azure Linux 3.0 Security Update: python-zipp / tensorflow (CVE-2024-5569)

The version of python-zipp / tensorflow installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-5569 advisory. - A Denial of Service DoS vulnerability exists in the jaraco/zipp library, affecting all...

Azure Linux 3.0 Security Update: python3 / tensorflow (CVE-2024-8088)

The version of python3 / tensorflow installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-8088 advisory. - There is a HIGH severity vulnerability affecting the CPython zipfile module affecting...

CVE-2026-21441 affecting package tensorflow for versions less than 2.16.1-10

CVE-2026-21441 affecting package tensorflow for versions less than 2.16.1-10. A patched version of the package is available...

EUVD-2023-35131

Improper buffer restrictions in IntelR Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-25661

TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack. A proof of concept can be constructed with the Convolution3DTranspose function. This...

CVE-2023-25667

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when 2^31 = numframes height width channels 2^32, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...

CVE-2021-41216

TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for Transpose is vulnerable to a heap buffer overflow. This occurs whenever perm contains negative elements. The shape inference function does not validate that the indices in perm are al...

CVE-2021-41197

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64t. If an overflow occurs,...

CVE-2021-41207

TensorFlow is an open source platform for machine learning. In affected versions the implementation of ParallelConcat misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...

CVE-2021-41225

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the trainnodes vector obtained from the saved model that gets optimized does not contain a Dequeue node, then dequeuenode is left unitialized. The...

CVE-2021-41199

TensorFlow is an open source platform for machine learning. In affected versions if tf.image.resize is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. The number of elements in the output tensor is too much for the int64t typ...

CVE-2021-41218

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for AllToAll can be made to execute a division by 0. This occurs whenever the splitcount argument is 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on...

CVE-2021-41195

TensorFlow is an open source platform for machine learning. In affected versions the implementation of tf.math.segment operations results in a CHECK-fail related abort and denial of service if a segment id in segmentids is large. This is similar to CVE-2021-29584 and similar other reported...

CVE-2021-41209

TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...