CVE-2021-41197

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64t. If an overflow occurs,...

CVE-2021-41199

TensorFlow is an open source platform for machine learning. In affected versions if tf.image.resize is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. The number of elements in the output tensor is too much for the int64t typ...

CVE-2021-41202

TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition...

CVE-2021-41198

TensorFlow is an open source platform for machine learning. In affected versions if tf.tile is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. The number of elements in the output tensor is too much for the int64t type and th...

EUVD-2022-7264

Malicious code in bioql PyPI...

CVE-2022-41885

TensorFlow is an open source platform for machine learning. When tf.rawops.FusedResizeAndPadConv2D is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick...

SUSE CVE-2022-23559

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...

SUSE CVE-2022-23558

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in TfLiteIntArrayCreate. The TfLiteIntArrayGetSizeInBytes returns an int instead of a sizet. An attacker can control model inputs such that computedsize overflows the...

SUSE CVE-2022-23562

Tensorflow is an Open Source Machine Learning Framework. The implementation of Range suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

SUSE CVE-2022-23568

Tensorflow is an Open Source Machine Learning Framework. The implementation of AddManySparseToTensorsMap is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects so, an assert failure based denial of service. We are missing some validation on the...

CVE-2022-41885 Overflow in `FusedResizeAndPadConv2D` in Tensorflow

TensorFlow is an open source platform for machine learning. When tf.rawops.FusedResizeAndPadConv2D is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick...

CVE-2022-41887 Overflow in `tf.keras.losses.poisson` in Tensorflow

TensorFlow is an open source platform for machine learning. tf.keras.losses.poisson receives a ypred and ytrue that are passed through functor::mul in BinaryOp. If the resulting dimensions overflow an int32, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched...

CVE-2022-41907 Overflow in `ResizeNearestNeighborGrad` in Tensorflow

TensorFlow is an open source platform for machine learning. When tf.rawops.ResizeNearestNeighborGrad is given a large size input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick...

CVE-2022-21729 Overflow and uncaught divide by zero in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of UnravelIndex is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlo...

PYSEC-2022-77

Tensorflow is an Open Source Machine Learning Framework. The implementation of AddManySparseToTensorsMap is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects so, an assert failure based denial of service. We are missing some validation on the...

PYSEC-2021-805

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64t. If an overflow occurs,...

PYSEC-2021-805

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64t. If an overflow occurs,...