Division By Zero Error

TensorFlow is vulnerable to Division By Zero Error. The vulnerability is due to the SVDF TFLite operator does not properly handle cases where params-rank is set to 0, allowing an attacker to craft a model that triggers a division by zero error...

Uncontrolled Recursion

TensorFlow is vulnerable to an Uncontrolled Recursion vulnerability. The vulnerability is due to the failure to check for loops between nodes in TFLite graphs, allowing an attacker to craft models that could cause infinite loops or stack overflow during evaluation...

Null Pointer Dereference

TensorFlow is vulnerable to a null pointer dereference. The vulnerability exists due to unconditionally dereferencing a pointer in the TFLite model, allowing an attacker to craft a TFLite model that triggers this dereference. It leads to crash the system and cause a denial of service...

Out-of-bounds Read

TensorFlow is vulnerable to an Out-of-bounds Read. The vulnerability is due to improper validation of the axisvalue in the TFLite implementation of SplitV, which can lead to accessing data outside the bounds of the tensor shape array...

Divide By Zero

tensorflow is vulnerable to Divide By Zero. The vulnerability is caused due to a defect in the implementation of BatchToSpaceNd where TFLite operator is vulnerable to a division by zero error. An attacker can craft a model such that one dimension of the block input is 0 resulting in the...

Division By Zero Error

TensorFlow is vulnerable to a division by zero error. The vulnerability is due to insufficient handling of cases where the input's fourth dimension is zero in the DepthwiseConv TFLite operator, which can allows to execution issues or crashes in machine learning models...

Out-of-bounds Write

tensorflow, tensorflowcpu and tensorflowgpu are vulnerable to Out-of-bounds Write. The vulnerability is caused due to a missing validation. A specially crafted TFLite model could trigger an OOB write on heap in the TFLite implementation of ArgMin/ArgMax'...

Denial Of Service (DOS)

TensorFlow is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of the block input in the SpaceToBatchNd TFLite operator, which allows an attacker to set a dimension of the block input to 0, causing a division by zero error, which can crash the system or make it...

Integer Overflow

TensorFlow is vulnerable to an Integer Overflow. The vulnerability is due to an integer overflow in the TFLite code for allocating TFLiteIntArrays, allowing attackers to craft models that cause memory corruption by dereferencing invalid pointers...

Denial Of Service (DOS)

TensorFlow is vulnerable to a denial of service. The vulnerability is due to the improper handling of the dimensionality of the output tensor in TensorFlow Lite's segment sum implementation,where the code uses the last element of the tensor holding segment IDs to determine the output tensor's siz...

Out-Of-Bounds Writes

TensorFlow is vulnerable to out-of-bounds writes. The vulnerability is due to the improper handling of negative elements in the segment ids tensor, allowing negative values that result in out-of-bounds memory writes during the segment sum operation...

Divide By Zero

tensorflow is vulnerable to Divide By Zero. The vulnerability is caused due to the Prepare step of the SpaceToDepth TFLite operator does not check for 0 before division. An attacker can craft a model such that params-blocksize would be zero and potentially leads to DoS...

Divide By Zero

tensorflow is vulnerable to Divide By Zero. The vulnerability is caused due to a defect in the optimized implementation of the TransposeConv TFLite operator where there is a missing validation for strideh,w variable. An attacker can craft a model such that strideh,w values are 0 resulting in Divi...

Out-of-bounds Write

tensorflow, tensorflow-cpu and tensorflowgpu is vulnerable to Out-of-bounds Write. The vulnerability is due to improper handling of tensors when a model uses the same tensor for both an input and output of an operator, which can result in data loss and memory corruption...

AZL-48141 CVE-2024-8088 affecting package tensorflow for versions less than 2.16.1-7

There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive for example, methods of "zipfile.Path" like "namelist", "iterdir", etc...

CVE-2023-33976 affecting package tensorflow for versions less than 2.11.1-2

CVE-2023-33976 affecting package tensorflow for versions less than 2.11.1-2. A patched version of the package is available...

AZL-48036 CVE-2024-7592 affecting package tensorflow for versions less than 2.16.1-6

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

SUSE CVE-2023-33976

TensorFlow is an end-to-end open source platform for machine learning. arrayops.upperbound causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12...

AZL-47385 CVE-2024-6923 affecting package tensorflow for versions less than 2.16.1-9

There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized...

BIT-TENSORFLOW-2023-33976 TensorFlow segfault in array_ops.upper_bound

TensorFlow is an end-to-end open source platform for machine learning. arrayops.upperbound causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12...