Lucene search
+L

392 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:55 p.m.7 views

CVE-2021-37682

TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. For example. The issue stems from the fact that quantization.params is only valid if quantization.type is different that...

7.1CVSS6.4AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:53 p.m.3 views

CVE-2021-37687

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's GatherNd implementation does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with...

5.5CVSS6AI score0.00191EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:53 p.m.9 views

CVE-2021-37683

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is vulnerable to a division by 0 error. There is no check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit...

5.5CVSS5.9AI score0.00154EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:59 p.m.11 views

CVE-2020-15212

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to segmentidsdata can alter outputindex and then write to outside of outputdata...

8.6CVSS6.6AI score0.0061EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 2:56 p.m.8 views

CVE-2020-15207

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses ResolveAxis to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the...

9CVSS7AI score0.01227EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 2:53 p.m.8 views

CVE-2020-15214

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the...

8.1CVSS6.5AI score0.00556EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 2:49 p.m.12 views

CVE-2020-15208

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a DCHECK which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can...

9.8CVSS6.5AI score0.00893EPSS
Exploits1
Snyk
Snyk
added 2024/07/30 7:44 p.m.4 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to the arrayops.upperbound function. An attacker can cause a denial of service by providing input that is not a rank 2 tensor. Remediation Upgrade tensorflow-lite to version 2.15.0 or higher. Reference...

8.7CVSS5.9AI score0.00429EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2024/06/30 2:0 p.m.4 views

TensorFlow has Floating Point Exception in TFLite in conv kernel

...

7.5CVSS6.4AI score0.00391EPSS
Exploits0
OSV
OSV
added 2024/06/15 12:0 a.m.10 views

OPENSUSE-SU-2024:12116-1 tensorflow-lite-2.9.1-1.1 on GA media

These are all security issues fixed in the tensorflow-lite-2.9.1-1.1 package on the GA media of openSUSE Tumbleweed...

9.8CVSS7.2AI score0.0982EPSS
Exploits83References163
OSV
OSV
added 2024/06/15 12:0 a.m.11 views

OPENSUSE-SU-2024:12355-1 tensorflow-lite-2.10.0-1.1 on GA media

These are all security issues fixed in the tensorflow-lite-2.10.0-1.1 package on the GA media of openSUSE Tumbleweed...

9.8CVSS7.8AI score0.00619EPSS
Exploits1References59
OSV
OSV
added 2024/03/06 11:20 a.m.17 views

BIT-TENSORFLOW-2020-15207 Segfault and data corruption in tensorflow-lite

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses ResolveAxis to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the...

9CVSS9AI score0.01227EPSS
Exploits1References5
OSV
OSV
added 2024/03/06 11:20 a.m.17 views

BIT-TENSORFLOW-2020-15208 Data corruption in tensorflow-lite

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a DCHECK which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can...

9.8CVSS9.2AI score0.00893EPSS
Exploits1References5
OSV
OSV
added 2024/03/06 11:20 a.m.14 views

BIT-TENSORFLOW-2020-15209 Null pointer dereference in tensorflow-lite

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a nullptr buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one...

5.9CVSS6.3AI score0.008EPSS
Exploits1References5
OSV
OSV
added 2024/03/06 11:20 a.m.22 views

BIT-TENSORFLOW-2020-15210 Segmentation fault in tensorflow-lite

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b a...

6.5CVSS6.4AI score0.00729EPSS
Exploits1References5
OSV
OSV
added 2024/03/06 11:20 a.m.18 views

BIT-TENSORFLOW-2020-15211 Out of bounds access in tensorflow-lite

In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indice...

5.8CVSS5.2AI score0.00905EPSS
Exploits1References10
OSV
OSV
added 2024/03/06 11:20 a.m.14 views

BIT-TENSORFLOW-2020-15212 Out of bounds access in tensorflow-lite

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to segmentidsdata can alter outputindex and then write to outside of outputdata...

8.6CVSS8.6AI score0.0061EPSS
Exploits1References4
OSV
OSV
added 2024/03/06 11:20 a.m.18 views

BIT-TENSORFLOW-2020-15213 Denial of service in tensorflow-lite

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor,...

4.3CVSS4.1AI score0.00632EPSS
Exploits1References4
OSV
OSV
added 2024/03/06 11:20 a.m.28 views

BIT-TENSORFLOW-2020-15214 Out of bounds write in tensorflow-lite

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the...

8.1CVSS7.8AI score0.00556EPSS
Exploits1References4
Snyk
Snyk
added 2023/03/26 8:31 a.m.2 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS when running with XLA, tf.rawops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero. PoC import tensorflow as tf func = tf.rawops.ParallelConcat...

7.5CVSS7AI score0.00391EPSS
Exploits0References2
Rows per page
Query Builder