6 matches found
BIT-TENSORFLOW-2022-29207 Undefined behavior when users supply invalid resource handles in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but...
CVE-2022-29205 Segfault due to missing support for quantized types in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling tf.compat.v1. ops which don't yet have support for quantized types, which was added after migration to...
d3m-simon (=1.2.5), easyquake (>=1.3.0 <=1.4.0) potentially affected by CVE-2021-29614 via tensorflow-gpu (=2.2.0)
tensorflow-gpu PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - d3m-simon =1.2.5 - easyquake =1.3.0, =1.4.0 Source cves: CVE-2021-29614 Source advisory: OSV:GHSA-8PMX-P244-G88H...
Division by zero in TFLite's implementation of `SpaceToDepth`
Impact The Prepare step of the SpaceToDepth TFLite operator does not check for 0 before division. cc const int blocksize = params-blocksize; const int inputheight = input-dims-data1; const int inputwidth = input-dims-data2; int outputheight = inputheight / blocksize; int outputwidth = inputwidth ...
CVE-2021-29566
TensorFlow is an end-to-end open source platform for machine learning. An attacker can write outside the bounds of heap allocated arrays by passing invalid arguments to tf.rawops.Dilation2DBackpropInput. This is because the...
PYSEC-2021-170
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK failure by passing an empty image to tf.rawops.DrawBoundingBoxes. This is because the...