Lucene search

14326 matches found

Snyk | added 2022/11/20 9:8 a.m. | 1 views

Always-Incorrect Control Flow Implementation

Overview: Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation when a numpy array is created with a shape such that one element is zero and the sum of others is a large number. Remediation: Upgrade tensorflow-lite to version 2.12.0 or higher. References: ...

CVSS 7.5 | AI score 6.9 | EPSS 0.0033
Exploits: 1 | References: 2

Snyk | added 2022/11/20 9:8 a.m. | 2 views

Buffer Overflow

Overview: Affected versions of this package are vulnerable to Buffer Overflow via tf.rawops.ImageProjectiveTransformV2 when a large output shape is given. Remediation: Upgrade tensorflow-lite to version 2.12.0 or higher. References: GitHub Commit, Vulnerable Code. Credit: Neophytos Christou from S...

CVSS 7.5 | AI score 7 | EPSS 0.0043
Exploits: 1 | References: 2

Snyk | added 2022/11/20 9:8 a.m. | 2 views

Incorrect Calculation of Buffer Size

Overview: Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size via tf.keras.losses.poisson, which receives a ypred and ytrue that are passed through functor::mul in BinaryOp. If the resulting dimensions overflow an int32, TensorFlow will crash due to a size...

CVSS 7.5 | AI score 7.2 | EPSS 0.0044
Exploits: 1 | References: 2

Snyk | added 2022/11/20 9:8 a.m. | 2 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read when the BaseCandidateSamplerOp function receives a value in trueclasses larger than rangemax. Remediation: Upgrade tensorflow-lite to version 2.12.0 or higher. References: GitHub Commit, Vulnerable Code. Credit: Yu...

CVSS 9.1 | AI score 6.9 | EPSS 0.0038
Exploits: 1 | References: 2

Snyk | added 2022/11/20 9:8 a.m. | 1 views

Buffer Overflow

Overview: Affected versions of this package are vulnerable to Buffer Overflow via tf.rawops.FusedResizeAndPadConv2D when a large tensor shape is given. Remediation: Upgrade tensorflow-lite to version 2.12.0 or higher. References: GitHub Commit, Vulnerable Code. Credit: Neophytos Christou from SSL ...

CVSS 7.5 | AI score 7 | EPSS 0.0043
Exploits: 1 | References: 2

Snyk | added 2022/11/20 9:8 a.m. | 2 views

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation due to a missing check of tf.image.generateboundingboxproposals that receives a scores input that must be of rank 4 when running on GPU. Remediation: Upgrade tensorflow-lite to version 2.12.0 or higher. Referenc...

CVSS 7.5 | AI score 6.8 | EPSS 0.00439
Exploits: 1 | References: 2

Snyk | added 2022/11/20 9:8 a.m. | 1 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) because the conversions from char to bool are undefined if the char is not 0 or 1. This can happen when printing a tensor: the data is obtained as a const char array and then cast to the element type. Detail...

CVSS 7.5 | AI score 7 | EPSS 0.00395
Exploits: 0 | References: 2

Snyk | added 2022/11/20 9:8 a.m. | 1 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when ThreadUnsafeUnigramCandidateSampler is given input filterbankchannelcount greater than the allowed max size. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessib...

CVSS 7.5 | AI score 7 | EPSS 0.0044
Exploits: 1 | References: 2

Snyk | added 2022/11/20 9:8 a.m. | 2 views

Reachable Assertion

Overview: Affected versions of this package are vulnerable to Reachable Assertion when tf.rawops.TensorListResize is given a nonscalar value for input size. This results in a CHECK fail, which can be used to trigger a denial of service attack. Remediation: Upgrade tensorflow-lite to version 2.12....

CVSS 7.5 | AI score 6.8 | EPSS 0.00439
Exploits: 1 | References: 3

Snyk | added 2022/11/20 9:8 a.m. | 1 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read. This occurs if MirrorPadGrad is given outsize input paddings. Remediation: Upgrade tensorflow-lite to version 2.12.0 or higher. References: GitHub Commit, Vulnerable Code. Credit: Vul AI...

CVSS 7.5 | AI score 7 | EPSS 0.0044
Exploits: 1 | References: 2

Snyk | added 2022/11/20 9:8 a.m. | 2 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when FractionMaxPoolGrad is given outsize inputs rowpoolingsequence and colpoolingsequence. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and...

CVSS 7.5 | AI score 7 | EPSS 0.0044
Exploits: 1 | References: 2

Snyk | added 2022/11/20 9:8 a.m. | 2 views

Incorrect Calculation of Buffer Size

Overview: Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size when tf.rawops.ResizeNearestNeighborGrad is given a large size input. Remediation: Upgrade tensorflow-lite to version 2.12.0 or higher. References: GitHub Commit, Vulnerable Code. Credit: Neophytos...

CVSS 7.5 | AI score 7 | EPSS 0.0044
Exploits: 1 | References: 3

Snyk | added 2022/11/20 9:8 a.m. | 3 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when tf.rawops.TensorListConcat is given elementshape=. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...

CVSS 7.5 | AI score 7 | EPSS 0.0043
Exploits: 1 | References: 2

Snyk | added 2022/11/20 9:8 a.m. | 4 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when BCast::ToShape is given input larger than an int32, even though it is supposed to handle up to an int64. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible...

CVSS 7.5 | AI score 7 | EPSS 0.00439
Exploits: 1 | References: 2

Snyk | added 2022/11/20 9:8 a.m. | 1 views

Buffer Overflow

Overview: Affected versions of this package are vulnerable to Buffer Overflow. The reference kernel of the CONV3DTRANSPOSE TensorFlow Lite operator wrongly increments the dataptr when adding the bias to the result. Instead of dataptr += numchannels; it should be dataptr += outputnumchannels; as if...

CVSS 8.1 | AI score 8.2 | EPSS 0.00523
Exploits: 1 | References: 2

Snyk | added 2022/11/20 9:8 a.m. | 3 views

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference because the pywrap code fails to parse the tensor and returns a nullptr if a list of quantized tensors is assigned to an attribute. Remediation: Upgrade tensorflow-lite to version 2.12.0 or higher. References: ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00404
Exploits: 1 | References: 2

Snyk | added 2022/11/20 9:8 a.m. | 1 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when an input encoded is not a valid CompositeTensorVariant tensor. This will trigger a segfault in tf.rawops.CompositeTensorVariantToComponents. Details: Denial of Service (DoS) describes a family of attacks, all aim...

CVSS 7.5 | AI score 7 | EPSS 0.0049
Exploits: 1 | References: 2

Snyk | added 2022/11/20 9:8 a.m. | 0 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS). An input token that is not a UTF-8 bytestring will trigger a CHECK fail in tf.rawops.PyFunc. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system...

CVSS 7.5 | AI score 7.1 | EPSS 0.0045
Exploits: 1 | References: 2

Snyk | added 2022/11/20 9:8 a.m. | 1 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write in FractionalMaxAVGPool with illegal poolingratio. Attackers can access heap memory that is not in the user's control, leading to a crash or remote code execution. Remediation: Upgrade tensorflow-lite to version 2.12....

CVSS 9.8 | AI score 7.7 | EPSS 0.00579
Exploits: 1 | References: 2

Snyk | added 2022/11/20 9:8 a.m. | 3 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when the input sparsematrix is not a matrix with a shape with rank 0. As a result, a CHECK fail will be triggered in tf.rawops.SparseMatrixNNZ. Details: Denial of Service (DoS) describes a family of attacks, all aimed...

CVSS 7.5 | AI score 7 | EPSS 0.00447
Exploits: 1 | References: 2