8 matches found
CVE-2022-23557
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in BiasAndClamp implementation. There is no check that the biassize is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...
EUVD-2021-0409
Malware in sbrugna...
EUVD-2021-0326
Malware in sbrugna...
CVE-2021-29590
TensorFlow is an end-to-end open source platform for machine learning. The implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because the broadcasting...
CVE-2022-23561
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive...
Denial Of Service (DoS)
tensorflow is vulnerable to Denial of Service DoS attacks. The vulnerability is due the tflite model with the parameter filterinputchannel less than 1 which causes a floating point exception, resulting in an application crash...
CVE-2022-29212 Core dump when loading TFLite models with quantization in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could b...
PYSEC-2021-227
TensorFlow is an end-to-end open source platform for machine learning. The implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because the broadcasting...