14326 matches found
CVE-2022-23573 Uninitialized variable access in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The implementation of AssignOp can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized to minimize number of...
CVE-2022-23573 Uninitialized variable access in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The implementation of AssignOp can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized to minimize number of...
CVE-2022-23573
TensorFlow's AssignOp implementation can copy uninitialized data to a new tensor, causing undefined behavior. This CVE (CVE-2022-23573) affects the TensorFlow core kernel related to AssignOp. The issue arises because the left-hand side is initialized, but the right-hand side is not checked for in...
CVE-2022-23573 Uninitialized variable access in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The implementation of AssignOp can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized to minimize number of...
CVE-2022-23585 Memory leak in decoding PNG images in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling png::CommonInitDecode..., &decode, the decode value contains allocated buffers which can only be freed by calling...
CVE-2022-23585 Memory leak in decoding PNG images in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling png::CommonInitDecode..., &decode, the decode value contains allocated buffers which can only be freed by calling...
CVE-2022-23585 Memory leak in decoding PNG images in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling png::CommonInitDecode..., &decode, the decode value contains allocated buffers which can only be freed by calling...
CVE-2022-23585
CVE-2022-23585 refers to a memory-leak vulnerability in TensorFlow's PNG decoding path. After calling png::CommonInitDecode(..., &decode), allocated buffers may remain if an error path triggers OP_REQUIRES, and are not freed before function termination, creating a potential leak. The issue affect...
CVE-2022-23585
Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling png::CommonInitDecode..., &decode, the decode value contains allocated buffers which can only be freed by calling...
CVE-2022-23579 `CHECK`-failures during Grappler's `SafeToRemoveIdentity` in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that SafeToRemoveIdentity would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...
CVE-2022-23579
CVE-2022-23579 affects TensorFlow: the Grappler optimizer can cause a denial of service by altering a SavedModel to trigger CHECK failures in SafeToRemoveIdentity. The issue is linked to the Grappler dependency optimizer logic and manifests as a DoS condition. The fix is planned for TensorFlow 2....
CVE-2022-23579 `CHECK`-failures during Grappler's `SafeToRemoveIdentity` in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that SafeToRemoveIdentity would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...
CVE-2022-23579 `CHECK`-failures during Grappler's `SafeToRemoveIdentity` in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that SafeToRemoveIdentity would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...
CVE-2022-23580 Abort caused by allocating a vector that is too large in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, a...
CVE-2022-23580
Summary: CVE-2022-23580 affects TensorFlow; during shape inference, TensorFlow may allocate a very large vector based on a user-controlled tensor value. This can lead to resource exhaustion. The issue has a fix in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and 2.5.3 for affected support...
CVE-2022-23580 Abort caused by allocating a vector that is too large in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, a...
CVE-2022-23580 Abort caused by allocating a vector that is too large in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, a...
CVE-2022-23580
Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, a...
CVE-2022-23581
CVE-2022-23581 concerns the Grappler optimizer in TensorFlow. The vulnerability arises when a SavedModel is altered in a way that triggers a CHECK failure in IsSimplifiableReshape, enabling a denial of service. Technical details in the connected documents specify the affected component as the Gra...
CVE-2022-23581 `CHECK`-failures during Grappler's `IsSimplifiableReshape` in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that IsSimplifiableReshape would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...