BIT-TENSORFLOW-2021-29592 Null pointer dereference in TFLite's `Reshape` operator

TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209https://vulners.com/cve/CVE-2020-15209 missed the case when the target shape of Reshape operator is given by the elements of a 1-D tensor. As such, the fix for the...

BIT-TENSORFLOW-2021-29593 Division by zero in TFLite's implementation of `BatchToSpaceNd`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the BatchToSpaceNd TFLite operator is vulnerable to a division by zero...

BIT-TENSORFLOW-2021-29594 Division by zero in TFLite's convolution code

TensorFlow is an end-to-end open source platform for machine learning. TFLite's convolution codehttps://github.com/tensorflow/tensorflow/blob/09c73bca7d648e961dd05898292d91a8322a9d45/tensorflow/lite/kernels/conv.cc has multiple division where the divisor is controlled by the user and not checked ...

BIT-TENSORFLOW-2021-29595 Division by zero in TFLite's implementation of `DepthToSpace`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthToSpace TFLite operator is vulnerable to a division by zero...

BIT-TENSORFLOW-2021-29596 Division by zero in TFLite's implementation of `EmbeddingLookup`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the EmbeddingLookup TFLite operator is vulnerable to a division by zero...

BIT-TENSORFLOW-2021-29597 Division by zero in TFLite's implementation of `SpaceToBatchNd`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the SpaceToBatchNd TFLite operator is vulnerable to a division by zero error. An attacker can craft a model such that one dimension of the block input is 0. Hence, the corresponding value in blockshape is...

BIT-TENSORFLOW-2021-29598 Division by zero in TFLite's implementation of `SVDF`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the SVDF TFLite operator is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/7f283ff806b2031f407db64c4d3edcda8fb9f9f5/tensorflow/lite/kernels/svdf.ccL99-L102. An attacke...

BIT-TENSORFLOW-2021-29599 Division by zero in TFLite's implementation of `Split`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the Split TFLite operator is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/e2752089ef7ce9bcf3db0ec618ebd23ea119d0c7/tensorflow/lite/kernels/split.ccL63-L65. An attack...

BIT-TENSORFLOW-2021-29600 Division by zero in TFLite's implementation of `OneHot`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the OneHot TFLite operator is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/f61c57bd425878be108ec787f4d96390579fb83e/tensorflow/lite/kernels/onehot.ccL68-L72. An...

BIT-TENSORFLOW-2021-29601 Integer overflow in TFLite concatentation

TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of concatenation is vulnerable to an integer overflow issuehttps://github.com/tensorflow/tensorflow/blob/7b7352a724b690b11bfaae2cd54bc3907daf6285/tensorflow/lite/kernels/concatenation.ccL70-L76. An...

BIT-TENSORFLOW-2021-29602 Division by zero in TFLite's implementation of `DepthwiseConv`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthwiseConv TFLite operator is vulnerable to a division by zero...

BIT-TENSORFLOW-2021-29603 Heap OOB write in TFLite

TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB write on heap in the TFLite implementation of...

BIT-TENSORFLOW-2021-29604 Division by zero in TFLite's implementation of hashtable lookup

TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of hashtable lookup is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2c0cbbeca5a1e833bc8/tensorflow/lite/kernels/hashtablelookup.ccL114-L115 ...

BIT-TENSORFLOW-2021-29605 Integer overflow in TFLite memory allocation

TensorFlow is an end-to-end open source platform for machine learning. The TFLite code for allocating TFLiteIntArrays is vulnerable to an integer overflow issuehttps://github.com/tensorflow/tensorflow/blob/4ceffae632721e52bf3501b736e4fe9d1221cdfa/tensorflow/lite/c/common.cL24-L27. An attacker can...

BIT-TENSORFLOW-2021-29606 Heap OOB read in TFLite

TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of...

BIT-TENSORFLOW-2021-29607 Incomplete validation in `SparseSparseMinimum`

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...

BIT-TENSORFLOW-2021-29608 Heap OOB and null pointer dereference in `RaggedTensorToTensor`

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.RaggedTensorToTensor, an attacker can exploit an undefined behavior if input arguments are empty. The...

BIT-TENSORFLOW-2021-29609 Incomplete validation in `SparseAdd`

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...

BIT-TENSORFLOW-2021-29610 Invalid validation in `QuantizeAndDequantizeV2`

TensorFlow is an end-to-end open source platform for machine learning. The validation in tf.rawops.QuantizeAndDequantizeV2 allows invalid values for axis argument:. The...

BIT-TENSORFLOW-2021-29611 Incomplete validation in `SparseReshape`

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The...