BIT-TENSORFLOW-2022-23558 Integer overflow in TFLite array creation

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in TfLiteIntArrayCreate. The TfLiteIntArrayGetSizeInBytes returns an int instead of a sizet. An attacker can control model inputs such that computedsize overflows the...

Integer overflow

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in TfLiteIntArrayCreate. The TfLiteIntArrayGetSizeInBytes returns an int instead of a sizet. An attacker can control model inputs such that computedsize overflows the...

CVE-2022-23558 Integer overflow in TFLite array creation

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in TfLiteIntArrayCreate. The TfLiteIntArrayGetSizeInBytes returns an int instead of a sizet. An attacker can control model inputs such that computedsize overflows the...

CVE-2022-23558

CVE-2022-23558 describes an integer overflow in TensorFlow’s TFLite path: TfLiteIntArrayCreate alloc_size is derived from TfLiteIntArrayGetSizeInBytes(size), which returns an int instead of a size_t, enabling an attacker-controlled input to overflow computed_size. Affected: TensorFlow/TFLite mode...

GHSA-JF7H-7M85-W2V2 Integer overflow in TFLite memory allocation

Impact The TFLite code for allocating TFLiteIntArrays is vulnerable to an integer overflow issue: cc int TfLiteIntArrayGetSizeInBytesint size static TfLiteIntArray dummy; return sizeofdummy + sizeofdummy.data0 size; An attacker can craft a model such that the size multiplier is so large that the...