14324 matches found

RedhatCVE
added 2025/02/05 2:59 p.m., 8 views

CVE-2020-15212

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside the bounds of heap-allocated buffers by inserting negative elements in the segment ids tensor. Users having access to segment_ids_data can alter output_index and then write to outside of output_data...

CVSS 8.6, AI score 6.6, EPSS 0.00238
Exploits: 1
RedhatCVE
added 2025/02/05 2:59 p.m., 7 views

CVE-2020-15193

In TensorFlow before versions 2.2.1 and 2.3.1, the implementation of dlpack.to_dlpack can be made to use uninitialized memory, resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing ...

CVSS 7.1, AI score 6.6, EPSS 0.00215
Exploits: 1
RedhatCVE
added 2025/02/05 2:56 p.m., 7 views

CVE-2020-15207

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses ResolveAxis to convert negative values to positive indices. However, the check that the converted index is valid is present only in debug builds. If the...

CVSS 9, AI score 7, EPSS 0.01411
Exploits: 1
RedhatCVE
added 2025/02/05 2:54 p.m., 4 views

CVE-2020-15195

In TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of SparseFillEmptyRowsGrad uses a double indexing pattern. It is possible for reverse_index_map(i) to be an index outside the bounds of grad_values, thus resulting in a heap buffer overflow. The issue is patched in...

CVSS 8.8, AI score 6.8, EPSS 0.00355
Exploits: 1
RedhatCVE
added 2025/02/05 2:53 p.m., 6 views

CVE-2020-15214

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger an out-of-bounds write / segmentation fault if the segment ids are not sorted. The code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the...

CVSS 8.1, AI score 6.5, EPSS 0.00261
Exploits: 1
RedhatCVE
added 2025/02/05 2:53 p.m., 6 views

CVE-2020-15205

In TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the data_splits argument of tf.raw_ops.StringNGrams lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory. In the linked code snippet, all the binary strings after ...

CVSS 9.8, AI score 6.8, EPSS 0.00544
Exploits: 1
RedhatCVE
added 2025/02/05 2:53 p.m., 6 views

CVE-2020-15202

In TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the Shard API in TensorFlow expects the last argument to be a function taking two int64 (i.e., long long) arguments. However, there are several places in TensorFlow where a lambda taking int or int32 arguments is being used. In...

CVSS 9, AI score 6.5, EPSS 0.00502
Exploits: 1
RedhatCVE
added 2025/02/05 2:51 p.m., 8 views

CVE-2020-15196

In TensorFlow version 2.3.0, the SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. The check exists for DenseCountSparseOutput, where both tensors are fully specified. In the sparse and ragged count weights a...

CVSS 9.9, AI score 6.7, EPSS 0.00302
Exploits: 1
RedhatCVE
added 2025/02/05 2:51 p.m., 6 views

CVE-2020-15206

In TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing TensorFlow's SavedModel protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using tensorflow-servin...

CVSS 9, AI score 6.9, EPSS 0.00472
Exploits: 1
RedhatCVE
added 2025/02/05 2:49 p.m., 10 views

CVE-2020-15208

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a DCHECK, which is a no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can...

CVSS 9.8, AI score 6.5, EPSS 0.0033
Exploits: 1
RedhatCVE
added 2025/02/05 12:44 a.m., 10 views

CVE-2024-37057

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded TensorFlow model to run arbitrary code on an end user’s system when interacted with...

CVSS 8.8, AI score 7.2, EPSS 0.00436
Exploits: 1
CBLMariner
added 2025/01/31 4:8 p.m., 17 views

CVE-2023-25664 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25664 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

CVSS 9.8, AI score 9.6, EPSS 0.0009
Exploits: 0
CBLMariner
added 2025/01/31 4:8 p.m., 9 views

CVE-2023-25668 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25668 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

CVSS 9.8, AI score 6.9, EPSS 0.01465
Exploits: 1
CBLMariner
added 2025/01/31 4:8 p.m., 10 views

CVE-2023-25665 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25665 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

CVSS 7.5, AI score 7.7, EPSS 0.00125
Exploits: 1
CBLMariner
added 2025/01/31 4:8 p.m., 9 views

CVE-2023-25672 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25672 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

CVSS 7.5, AI score 7.7, EPSS 0.00105
Exploits: 0
CBLMariner
added 2025/01/31 4:8 p.m., 7 views

CVE-2023-25671 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25671 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

CVSS 7.5, AI score 7.7, EPSS 0.00318
Exploits: 0
CBLMariner
added 2025/01/31 4:8 p.m., 14 views

CVE-2023-25674 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25674 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

CVSS 7.5, AI score 7.7, EPSS 0.00391
Exploits: 0
CBLMariner
added 2025/01/31 4:8 p.m., 19 views

CVE-2023-25676 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25676 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

CVSS 7.5, AI score 7.7, EPSS 0.0024
Exploits: 0
CBLMariner
added 2025/01/31 4:8 p.m., 15 views

CVE-2023-27579 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-27579 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

CVSS 7.5, AI score 7.7, EPSS 0.00206
Exploits: 0
CBLMariner
added 2025/01/31 4:8 p.m., 12 views

CVE-2023-25659 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25659 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is available...

CVSS 7.5, AI score 7.7, EPSS 0.00204
Exploits: 0