40 matches found
EUVD-2022-6926
Malicious code in bioql PyPI...
EUVD-2023-1095
Malicious code in bioql PyPI...
EUVD-2022-7195
Malicious code in bioql PyPI...
EUVD-2022-6754
Malicious code in bioql PyPI...
CVE-2022-21739
Tensorflow is an Open Source Machine Learning Framework. The implementation of QuantizedMaxPool has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow...
CVE-2022-41884
TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be...
CVE-2021-29548
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.QuantizedBatchNormWithGlobalNormalization. This is because the...
Integer overflow
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when 2^31 = numframes height width channels 2^32, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...
CVE-2023-27579 TensorFlow has Floating Point Exception in TFLite in conv kernel
TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater filterinputchannel of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1...
Stack overflow
TensorFlow is an open source platform for machine learning. An input encoded that is not a valid CompositeTensorVariant tensor will trigger a segfault in tf.rawops.CompositeTensorVariantToComponents. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and...
CVE-2022-36004
TensorFlow is an open source platform for machine learning. When tf.random.gamma receives large input shape and rates, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included i...
Stack overflow
TensorFlow is an open source platform for machine learning. When mlir::tfg::GraphDefImporter::ConvertNodeDef tries to convert NodeDefs without an op name, it crashes. We have patched the issue in GitHub commit a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in TensorFlow 2.10.0...
CVE-2022-35959 `CHECK` failures in `AvgPool3DGrad` in TensorFlow
TensorFlow is an open source platform for machine learning. The implementation of AvgPool3DGradOp does not fully validate the input originputshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in...
Stack overflow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling tf.compat.v1. ops which don't yet have support for quantized types, which was added after migration to...
CVE-2022-29193
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.TensorSummaryV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...
CVE-2022-29198 Missing validation causes denial of service in TensorFlow via `SparseTensorToCSRSparseMatrix`
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.SparseTensorToCSRSparseMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service...
Google Tensorflow has an unspecified vulnerability (CNVD-2022-09895)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc...
CVE-2021-41223
TensorFlow is an open source platform for machine learning. In affected versions the implementation of FusedBatchNorm kernels is vulnerable to a heap OOB access. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow...
CVE-2021-37642 Division by 0 in `ResourceScatterDiv` in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.ResourceScatterDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case...
CVE-2021-29539 Segfault in tf.raw_ops.ImmutableConst
TensorFlow is an end-to-end open source platform for machine learning. Calling tf.rawops.ImmutableConsthttps://www.tensorflow.org/apidocs/python/tf/rawops/ImmutableConst with a dtype of tf.resource or tf.variant results in a segfault in the implementation as code assumes that the tensor contents...