CLSA-2025-1759420505 Fix CVE(s): CVE-2025-55212

SECURITY UPDATE: denial of Service vulnerability due to zero dimensions crash - debian/patches/CVE-2025-55212.patch: Fix invalid width or height checks in ThumbnailImage method and add safe reciprocal function to avoid division by zero - CVE-2025-55212...

GHSA-FXGC-95XX-GRVQ TensorFlow Denial of Service vulnerability

Impact A malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack. To minimize the bug, we built a simple single-layer TensorFlow model containing a Convolution3DTranspose layer, which works well with expected inputs and can be deployed...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to a malicious invalid input with zero dimension, which crashes a TensorFlow model Check Failed. Note: An attacker must have privilege to provide input to a Convolution3DTranspose call. PoC import tensorflow as...

SUSE CVE-2021-41219

TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...

Huawei MindSpore Community 数字错误漏洞

Huawei MindSpore Community is an open source deep learning framework from Huawei China.A numerical error vulnerability exists in versions prior to Huawei MindSpore Community 1.3.0, which stems from the fact that when performing the initialization operation of the Split operator, if a dimension in...

PT-2021-18351 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier Description: The implementation of the OneHot TFLite...

vorbis: zero-dim codebooks can cause crash, infinite loop or heap overflow

Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service crash or infinite loop or trigger an integer overflow...

vorbis: zero-dim codebooks can cause crash, infinite loop or heap overflow

Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service crash or infinite loop or trigger an integer overflow...