CVE-2022-23559

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...

CVE-2022-21738

Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseCountSparseOutput can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...

CVE-2022-21727

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of dimensions of the...

Integer Overflow

tensorflow, tensorflowcpu and tensorflowgpu are vulnerable to Integer Overflow. The vulnerability is caused due to a missing validation where TFLite implementation of concatenation is vulnerable to an integer overflow issue. An attacker can craft a model such that the dimensions of one of the...

Integer Overflow

TensorFlow is vulnerable to an Integer Overflow. The vulnerability is due to an integer overflow in the TFLite code for allocating TFLiteIntArrays, allowing attackers to craft models that cause memory corruption by dereferencing invalid pointers...

CVE-2022-23576 Integer overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateOutputSize is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number ...