389 matches found
SUSE CVE-2021-29591
TensorFlow is an end-to-end open source platform for machine learning. TFlite graphs must not have loops between nodes. However, this condition was not checked and an attacker could craft models that would result in infinite loop during evaluation. In certain cases, the infinite loop would be...
SUSE CVE-2021-29594
TensorFlow is an end-to-end open source platform for machine learning. TFLite's convolution codehttps://github.com/tensorflow/tensorflow/blob/09c73bca7d648e961dd05898292d91a8322a9d45/tensorflow/lite/kernels/conv.cc has multiple division where the divisor is controlled by the user and not checked ...
SUSE CVE-2021-29600
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the OneHot TFLite operator is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/f61c57bd425878be108ec787f4d96390579fb83e/tensorflow/lite/kernels/onehot.ccL68-L72. An...
SUSE CVE-2021-29601
TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of concatenation is vulnerable to an integer overflow issuehttps://github.com/tensorflow/tensorflow/blob/7b7352a724b690b11bfaae2cd54bc3907daf6285/tensorflow/lite/kernels/concatenation.ccL70-L76. An...
SUSE CVE-2021-29605
TensorFlow is an end-to-end open source platform for machine learning. The TFLite code for allocating TFLiteIntArrays is vulnerable to an integer overflow issuehttps://github.com/tensorflow/tensorflow/blob/4ceffae632721e52bf3501b736e4fe9d1221cdfa/tensorflow/lite/c/common.cL24-L27. An attacker can...
SUSE CVE-2021-37682
TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. For example. The issue stems from the fact that quantization.params is only valid if quantization.type is different that...
SUSE CVE-2021-37683
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is vulnerable to a division by 0 error. There is no check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit...
SUSE CVE-2021-37685
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's expanddims.cc contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If axis is a large negative value e.g., -100000, then after the first if it would...
SUSE CVE-2021-37687
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's GatherNd implementation does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with...
SUSE CVE-2021-37688
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The implementation unconditionally dereferences a pointer. We have...
SUSE CVE-2021-37691
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH implementation. We have patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9. The fix will be...
SUSE CVE-2022-21741
Tensorflow is an Open Source Machine Learning Framework. Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to...
SUSE CVE-2022-23560
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We...
Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite
...
Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite
Impact The reference kernel of the CONV3DTRANSPOSE TensorFlow Lite operator wrongly increments the dataptr when adding the bias to the result. Instead of dataptr += numchannels; it should be dataptr += outputnumchannels; as if the number of input channels is different than the number of output...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS when SparseFillEmptyRowsGrad is given empty inputs. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...
Out-of-Bounds
Overview Affected versions of this package are vulnerable to Out-of-Bounds in DynamicStitch due to missing validation when it receives a differing number of inputs, such as when it is called with an indices size 1 and a data size 2. Remediation Upgrade tensorflow-lite to version 2.12.0 or higher...
Always-Incorrect Control Flow Implementation
Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation when a numpy array is created with a shape such that one element is zero and the sum of others is a large number. Remediation Upgrade tensorflow-lite to version 2.12.0 or higher. References -...
Buffer Overflow
Overview Affected versions of this package are vulnerable to Buffer Overflow via tf.rawops.ImageProjectiveTransformV2 when a large output shape is given. Remediation Upgrade tensorflow-lite to version 2.12.0 or higher. References - GitHub Commit - Vulnerable Code Credit: Neophytos Christou from S...
Incorrect Calculation of Buffer Size
Overview Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size via tf.keras.losses.poisson which receives a ypred and ytrue that are passed through functor::mul in BinaryOp. If the resulting dimensions overflow an int32, TensorFlow will crash due to a size...