506 matches found
PYSEC-2026-954 TensorFlow has Floating Point Exception in TFLite in conv kernel
Impact Constructing a tflite model with a paramater filterinputchannel of less than 1 gives a FPE. Patches We have patched the issue in GitHub commit 34f8368c535253f5c9cb3a303297743b62442aaa. The fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1. Fo...
CVE-2026-42627
In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...
DEBIAN-CVE-2026-42627
In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...
CVE-2026-42627
In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...
CVE-2026-42627
Arm NN contains a vulnerability up to version 2026-03-27 where an integer overflow in TensorShape::GetNumElements() (armnn/Tensor.cpp) allows a crafted TFLite model to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multi...
CVE-2022-23557
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in BiasAndClamp implementation. There is no check that the biassize is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...
CVE-2022-23558
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in TfLiteIntArrayCreate. The TfLiteIntArrayGetSizeInBytes returns an int instead of a sizet. An attacker can control model inputs such that computedsize overflows the...
CVE-2022-23560
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We...
EUVD-2021-0330
Malware in sbrugna...
EUVD-2021-0411
Malware in sbrugna...
EUVD-2021-0412
Malware in sbrugna...
EUVD-2021-0338
Malware in sbrugna...
EUVD-2021-0326
Malware in sbrugna...
EUVD-2021-0332
Malware in sbrugna...
EUVD-2021-0331
Malware in sbrugna...
EUVD-2021-0414
Malware in sbrugna...
EUVD-2021-0337
Malware in sbrugna...
EUVD-2021-0407
Malware in sbrugna...
EUVD-2021-0413
Malware in sbrugna...
EUVD-2021-0346
Malware in sbrugna...