Lucene search
K
GoogleTensorflow

431 matches found

CVE
CVE
added 2021/05/14 7:35 p.m.86 views

CVE-2021-29523

CVE-2021-29523 : TensorFlow vulnerability where a crafted input for AddManySparseToTensorsMap can trigger a denial-of-service via a CHECK failure in TensorShapeInitDims when sparse_shape values overflow. Root cause: legacy TensorShapeBase constructor multiplies dimensions with potential overflow,...

5.5CVSS4.7AI score0.00189EPSS
CVE
CVE
added 2021/05/14 7:11 p.m.86 views

CVE-2021-29534

TensorFlow vulnerability CVE-2021-29534 concerns a CHECK-fail in tf.raw_ops.SparseConcat caused by using shapes[0] to define the output shape, leading to a denial of service via overflow in TensorShape initialization. Affected behavior occurs when shape dimensions are overflowed during InitDims/A...

5.5CVSS4.7AI score0.00189EPSS
CVE
CVE
added 2021/08/12 6:10 p.m.86 views

CVE-2021-37638

CVE-2021-37638 : TensorFlow vulnerable to a NULL pointer dereference in the RaggedTensorToTensor path caused by sending an empty row_partition_types list. The issue stems from accessing the first element of a user-supplied list without validating non-emptiness. A patch was applied in GitHub commi...

7.8CVSS7.7AI score0.00167EPSS
CVE
CVE
added 2021/08/12 6:10 p.m.86 views

CVE-2021-37647

CVE-2021-37647 describes a null pointer dereference in TensorFlow’s tf.raw_ops.SparseTensorSliceDataset when creating an empty sparse tensor with mismatched indices/values. The description specifies that validation exists but can dereference a null pointer if indices are empty, leading to a crash...

7.7CVSS5.8AI score0.0016EPSS
CVE
CVE
added 2021/08/12 6:10 p.m.86 views

CVE-2021-37649

CVE-2021-37649 describes a null pointer dereference in tf.raw_ops.UncompressElement within TensorFlow. The issue arises when a Variant tensor does not actually contain a CompressedElement, leading to a nullptr dereference during decompression. A patch has been applied in GitHub commit 7bdf50bb4f5...

7.7CVSS5.8AI score0.0016EPSS
CVE
CVE
added 2021/11/05 8:50 p.m.86 views

CVE-2021-41219

TensorFlow SparseMatMul contains undefined behavior by binding a reference to nullptr when either input dimension is 0 or less, risking heap OOB writes. The issue affects TensorFlow releases prior to the fix and is documented across multiple advisories (OSV, GHSA) with specific commit e6cf28c7 an...

7.8CVSS7.5AI score0.00204EPSS
CVE
CVE
added 2021/11/05 8:20 p.m.86 views

CVE-2021-41223

CVE-2021-41223 describes a heap out-of-bounds (OOB) access in TensorFlow's FusedBatchNorm kernels in affected releases. The vulnerability affects the FusedBatchNorm implementation; the fix is planned for TensorFlow 2.7.0, with cherry-picks to 2.6.1, 2.5.2, and 2.4.4 (still in supported range). Mu...

7.1CVSS6.8AI score0.00201EPSS
CVE
CVE
added 2022/09/16 7:40 p.m.86 views

CVE-2022-35937

TensorFlow Lite GatherNd contains an out-of-bounds read when input indices can exceed output sizes. The issue is fixed via patch 595a65a3e224a0362d7e68c2213acfc2b499a196, with the fix planned for TensorFlow 2.10.0 and cherry-picks for 2.9.1, 2.8.1, and 2.7.2 (all in the supported range). There ar...

9.1CVSS8.1AI score0.00441EPSS
CVE
CVE
added 2022/09/16 10:55 p.m.86 views

CVE-2022-35996

TensorFlow’s CVE-2022-35996 describes a DoS due to a division-by-zero in Conv2D when given an empty input with valid filter/padding, producing all-zeros output. The issue was patched in the GitHub commit 611d80db29dd7b0cfb755772c69d60ae5bca05f9, and the fix is scheduled for TensorFlow 2.10.0. Mai...

7.5CVSS6.3AI score0.00396EPSS
CVE
CVE
added 2022/11/18 12:0 a.m.86 views

CVE-2022-41886

CVE-2022-41886 affects TensorFlow. The vulnerability occurs in the operator tf.raw_ops.ImageProjectiveTransformV2 when it outputs a large shape, causing an overflow. A patch is in the GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba and the fix will be included in TensorFlow 2.11; TensorFlo...

7.5CVSS6.2AI score0.0043EPSS
CVE
CVE
added 2020/09/25 6:40 p.m.85 views

CVE-2020-15199

Summary: TensorFlow prior to 2.3.1 contains a bug in RaggedCountSparseOutput where input ragged tensors are not validated for proper splits; an empty or single-element splits can trigger a SIGABRT due to an initialization bound. Root cause: lack of validation in RaggedCountSparseOutput when formi...

5.9CVSS5.8AI score0.00805EPSS
CVE
CVE
added 2020/09/25 6:50 p.m.85 views

CVE-2020-15213

CVE-2020-15213 affects TensorFlow Lite prior to 2.2.1 and 2.3.1. The vulnerability arises in the segment_sum implementation: models that use segment sums can trigger a denial of service by causing an out-of-memory allocation. The root cause is that code uses the last element of the segment_ids te...

4.3CVSS4.2AI score0.00632EPSS
CVE
CVE
added 2021/05/14 7:22 p.m.85 views

CVE-2021-29595

TensorFlow/TFLite: DepthToSpace division-by-zero in the DepthToSpace TFLite operator. A model with block_size = 0 triggers a fault in the calculation of output_channels, per the cited code path. A fix is planned for TensorFlow 2.5.0, with cherry-picks to 2.4.2, 2.3.3, 2.2.3, and 2.1.4 (still in s...

7.8CVSS5.3AI score0.00201EPSS
CVE
CVE
added 2021/05/14 7:21 p.m.85 views

CVE-2021-29607

CVE-2021-29607 is tied to TensorFlow’s SparseAdd validation. The issue arises from incomplete validation of sparse tensor inputs (not checking emptiness or second-dimension_matches size), enabling potential undefined behavior such as null pointer dereferences and heap-out-of-bounds writes. The vu...

7.8CVSS6.3AI score0.00234EPSS
CVE
CVE
added 2021/08/12 6:15 p.m.85 views

CVE-2021-37637

CVE-2021-37637 is a TensorFlow null pointer dereference in tf.raw_ops.CompressElement triggered by invalid input. The issue occurred when code accessed a buffer size before validating the buffer, and has been patched in GitHub commit 5dc7f6981fdaf74c8c5be41f393df705841fb7c5. The fix will be in Te...

7.7CVSS5.8AI score0.0016EPSS
CVE
CVE
added 2021/08/12 9:10 p.m.85 views

CVE-2021-37646

CVE-2021-37646 affects TensorFlow: the StringNGrams implementation can overflow when converting a negative, signed ngram_width to an unsigned size during a reserve call, enabling a potential denial-of-service condition. The root cause is a signed-to-unsigned conversion in TF’s string buffer alloc...

5.5CVSS5.8AI score0.00154EPSS
CVE
CVE
added 2021/08/12 8:25 p.m.85 views

CVE-2021-37664

TensorFlow vulnerability CVE-2021-37664: a heap out-of-bounds read can be triggered in BoostedTreesSparseCalculateBestFeatureSplit by sending illegal values to stats_summary_indices. The issue stems from insufficient validation in the boosted trees code path. A patch was committed (e84c9753...) a...

7.3CVSS7AI score0.00167EPSS
CVE
CVE
added 2021/11/05 8:10 p.m.85 views

CVE-2021-41205

CVE-2021-41205 covers a heap-out-of-bounds read in TensorFlow’s QuantizeAndDequantizeV* shape inference paths. Affected TF releases allow reads beyond heap bounds, with a fix planned for TensorFlow 2.7.0 and cherry-picks back to 2.6.1, 2.5.2, and 2.4.4. Related advisories (OSV-BIT-TENSORFLOW-2021...

7.1CVSS6.8AI score0.00148EPSS
CVE
CVE
added 2022/09/16 9:35 p.m.85 views

CVE-2022-35988

TensorFlow CVE-2022-35988 is a denial-of-service issue triggered when tf.linalg.matrix_rank receives an empty input; the GPU kernel can fail with a CHECK error. A patch was committed (c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a) and the fix is slated for TensorFlow 2.10.0, with cherry-picks to 2.9.1...

7.5CVSS6.3AI score0.00405EPSS
CVE
CVE
added 2022/11/18 12:0 a.m.85 views

CVE-2022-41884

CVE-2022-41884 affects TensorFlow. A numpy array has a shape where one element is zero and the others sum to a large number, triggering an error. The issue has been fixed in commit 2b56169c16e375c521a3bc8ea658811cc0793784 and will be included in TensorFlow 2.11; the fix will also be cherry-picked...

7.5CVSS6.1AI score0.0033EPSS
CVE
CVE
added 2019/04/24 4:3 p.m.84 views

CVE-2018-7577

CVE-2018-7577 affects the Snappy library (1.1.4) as used by Google TensorFlow prior to 1.7.1. The vulnerability stems from memcpy parameter overlap, which can cause a crash or allow reading from other parts of process memory. Exploitation details are not provided in the documents. Practical impac...

8.1CVSS7.7AI score0.0043EPSS
CVE
CVE
added 2020/09/25 6:40 p.m.84 views

CVE-2020-15197

TensorFlow prior to 2.3.1 is affected by CVE-2020-15197 due to a validation gap in SparseCountSparseOutput: the indices tensor is not checked to be rank 2, though code treats it as a matrix. This can allow crafted input sparse tensors to cause a CHECK failure and crash, enabling denial of service...

6.3CVSS6.3AI score0.0072EPSS
CVE
CVE
added 2021/05/14 7:22 p.m.84 views

CVE-2021-29590

TensorFlow/TFLite Minimum and Maximum operators are vulnerable to a heap-based out-of-bounds read when either input tensor is empty, due to broadcasting code indexing both tensors without bounds validation. The issue affects TF/TFLite, with fixes planned for TensorFlow 2.5.0 and cherry-picked bac...

7.1CVSS5.2AI score0.00198EPSS
CVE
CVE
added 2021/05/14 7:22 p.m.84 views

CVE-2021-29592

Summary: CVE-2021-29592 is a null pointer dereference in TensorFlow’s TFLite Reshape operator. The issue arises when the target shape is supplied by a 1-D tensor; a fix previously for CVE-2020-15209 was incomplete, potentially allowing a null buffer to be treated as valid input for a 1-D shape, l...

7.8CVSS6AI score0.00215EPSS
CVE
CVE
added 2021/08/12 9:0 p.m.84 views

CVE-2021-37651

TensorFlow: The FractionalAvgPoolGrad path has a heap-based buffer overflow when handling empty inputs, caused by not validating that the input tensor is non-empty. The implementation constructs an empty EigenDoubleMatrixMap and accesses out-of-bounds buffers. A patch was committed (0f931751fb20f...

7.8CVSS7.5AI score0.00174EPSS
CVE
CVE
added 2021/08/12 10:0 p.m.84 views

CVE-2021-37688

CVE-2021-37688 is a TensorFlow/TFLite vulnerability describing a null pointer dereference in TFLite kernels (implemented in optimized_ops.h) that can crash the process and cause denial of service when processing a crafted TFLite model. The issue is a local condition, with the vulnerable path unco...

7.8CVSS5.6AI score0.00165EPSS
CVE
CVE
added 2022/09/16 10:10 p.m.84 views

CVE-2022-36001

TensorFlow DrawBoundingBoxes input validation issue (CVE-2022-36001): when boxes is not dtype float, a CHECK failure can trigger a denial of service. Patch is in GitHub commit da0d65cdc1270038e72157ba35bf74b85d9bda11; fix will be in TensorFlow 2.10.0, with cherry-picks to 2.9.1, 2.8.1 and 2.7.2. ...

7.5CVSS6.4AI score0.00396EPSS
CVE
CVE
added 2019/04/23 8:50 p.m.83 views

CVE-2018-8825

CVE-2018-8825 affects Google TensorFlow 1.7 and earlier, with a buffer overflow that can lead to local code execution. Multiple connected advisories corroborate a buffer‑overflow issue related to TensorFlow components (e.g., TOCO handling of TFLite graphs in the same family). The provided documen...

8.8CVSS8.9AI score0.00646EPSS
CVE
CVE
added 2021/08/12 5:30 p.m.83 views

CVE-2021-37636

CVE-2021-37636 concerns TensorFlow with a vulnerability in tf.raw_ops.SparseDenseCwiseDiv where division by zero can occur due to how a shared binary-ops class handles this case. The issue affects affected TensorFlow versions and has been addressed by patching the underlying code in a GitHub comm...

5.5CVSS5.6AI score0.00152EPSS
CVE
CVE
added 2021/11/05 8:0 p.m.83 views

CVE-2021-41200

CVE-2021-41200 concerns TensorFlow’s tf.summary.create_file_writer: when called with non-scalar arguments, affected builds can crash due to a CHECK failure. The provided documents specify the issue in TensorFlow’s open-source code path and confirm a fix in TensorFlow 2.7.0, with cherry-picks to o...

5.5CVSS5.7AI score0.0023EPSS
CVE
CVE
added 2022/02/04 10:32 p.m.83 views

CVE-2022-23594

TensorFlow MLIR/TFG GraphDef handling flaw: if a SavedModel is on disk with altered format, conversion to the MLIR-based IR can crash the Python interpreter and may enable heap out-of-bounds reads. Affected scope includes the MLIR import path and associated GraphDef assumptions; exploitation deta...

8.8CVSS5.9AI score0.00142EPSS
CVE
CVE
added 2022/09/16 9:40 p.m.83 views

CVE-2022-35983

CVE-2022-35983 affects TensorFlow. When calling Save or SaveSlices on tensors with an unsupported dtype, a CHECK failure can be triggered, potentially enabling a denial-of-service. The issue is fixed in the GitHub commit 5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4 and will be included in TensorFlow ...

7.5CVSS6.4AI score0.00396EPSS
CVE
CVE
added 2021/11/05 7:50 p.m.82 views

CVE-2021-41195

TensorFlow CVE-2021-41195 affects tf.math.segment_* implementations; large segment_ids can trigger a CHECK failure and abort due to int64 overflow when computing output shapes. Vulnerable CPU/GPU paths use AddDim, with AddDimWithStatus needed to prevent overflow. The fix is planned for TensorFlow...

5.5CVSS5.2AI score0.00205EPSS
CVE
CVE
added 2021/11/05 7:55 p.m.82 views

CVE-2021-41198

CVE-2021-41198 affects TensorFlow where calling tf.tile with very large inputs can trigger a CHECK failure due to int64 overflow, crashing the process. The issue is rooted in the tile operation’s handling of output size and overflow detection. Remediation is available: TensorFlow 2.7.0 includes t...

5.5CVSS5.6AI score0.0023EPSS
CVE
CVE
added 2021/11/05 8:15 p.m.82 views

CVE-2021-41212

TensorFlow ragged.cross shape inference has a heap-based out-of-bounds read in affected releases prior to 2.7.0. The fix is in TensorFlow 2.7.0, with cherry-picks to 2.6.1, 2.5.2, and 2.4.4. Upgrade to 2.7.0+ or apply the patches to mitigate ICU/heap corruption risk. Other CVE trackers (OSV, GHSA...

7.1CVSS6.9AI score0.00201EPSS
CVE
CVE
added 2021/11/05 8:20 p.m.82 views

CVE-2021-41226

TensorFlow SparseBinCount is affected by a heap out-of-bounds (OOB) access due to missing validation between the values and the sparse output shape. Reports in CVE-2021-41226 and related advisories identify this as the root cause in affected TF versions. The fix is planned for TensorFlow 2.7.0, w...

7.1CVSS6.8AI score0.00201EPSS
CVE
CVE
added 2022/09/16 8:25 p.m.82 views

CVE-2022-35965

TensorFlow (CVE-2022-35965) is affected by a NULL pointer dereference in LowerBound/UpperBound when given an empty sorted_inputs, causing a segmentation fault that can lead to a denial of service. The issue affects TensorFlow releases in the affected range and has been patched in commit bce3717ea...

7.5CVSS6.4AI score0.00383EPSS
CVE
CVE
added 2022/09/16 10:55 p.m.82 views

CVE-2022-36012

TensorFlow vulnerability CVE-2022-36012: when mlir::tfg::ConvertGenericFunctionToFunctionDef processes empty function attributes, TensorFlow crashes. A patch (commit ad069af92392efee1418c48ff561fd3070a03d7b) fixes the issue and will be included in TensorFlow 2.10.0, with cherry-picks to 2.9.1, 2....

7.5CVSS6.5AI score0.00547EPSS
CVE
CVE
added 2020/05/04 2:12 p.m.81 views

CVE-2018-21233

TensorFlow

6.5CVSS6.4AI score0.00485EPSS
CVE
CVE
added 2020/09/25 6:46 p.m.81 views

CVE-2020-15201

CVE-2020-15201 : TensorFlow before 2.3.1 contains a bounds-checking flaw in RaggedCountSparseOutput, where input ragged-tensor validation is missing. Specifically, values in the splits tensor may not form a valid partitioning of values, risking a heap-based buffer overflow if split_values does no...

6.8CVSS5.3AI score0.00563EPSS
CVE
CVE
added 2021/05/14 7:10 p.m.81 views

CVE-2021-29553

TensorFlow vulnerability CVE-2021-29553 involves a heap-based out-of-bounds read in tf.raw_ops.QuantizeAndDequantizeV3 caused by not validating the user-supplied axis before indexing the input. Affected TensorFlow versions are in the 2.x range, with a fix planned for TensorFlow 2.5.0 and cherry-p...

7.1CVSS5.2AI score0.00198EPSS
CVE
CVE
added 2021/08/12 8:25 p.m.81 views

CVE-2021-37655

CVE-2021-37655 describes a heap-based read out of bounds in TensorFlow caused by incomplete validation when updating a resource with tf.raw_ops.ResourceScatterUpdate. The issue stems from validating the relationship between the shapes of indices and updates (only divisibility checked instead of p...

7.3CVSS7.3AI score0.00167EPSS
CVE
CVE
added 2021/11/05 7:55 p.m.81 views

CVE-2021-41196

CVE-2021-41196 affects TensorFlow (Keras pooling layers). In affected builds, pooling operations can segfault when pool size is 0 or a dimension is negative because values in the sliding window are not checked to be strictly positive. The issue is tied to TensorFlow’s pooling implementation, with...

5.5CVSS5.5AI score0.0023EPSS
CVE
CVE
added 2021/11/05 8:55 p.m.81 views

CVE-2021-41215

CVE-2021-41215 affects TensorFlow: the shape inference for DeserializeSparse can trigger a null pointer dereference when the serialize_sparse tensor has positive rank (last dimension 3). A fix is available in TensorFlow 2.7.0, with cherry-picks for 2.6.1, 2.5.2, and 2.4.4. Remediation: upgrade to...

5.5CVSS5.6AI score0.00181EPSS
CVE
CVE
added 2022/09/16 10:30 p.m.81 views

CVE-2022-36000

CVE-2022-36000 describes a null pointer dereference in TensorFlow when mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes. Affected TF versions include 2.7.2, 2.8.1, 2.9.1 (and beyond) within the supported range; the issue has been patched in commit aed36912609fc072...

7.5CVSS6.5AI score0.00396EPSS
CVE
CVE
added 2021/08/12 8:30 p.m.80 views

CVE-2021-37641

No public technical details are provided in the supplied documents; monitor for updates.

7.3CVSS7AI score0.00167EPSS
CVE
CVE
added 2021/08/12 5:35 p.m.80 views

CVE-2021-37653

TensorFlow Cortex: CVE-2021-37653 affects TensorFlow’s tf.raw_ops.ResourceGather. The issue stems from computing batch_size and dividing by it without validating 0, causing a local crash (denial of service). A patch exists in GitHub commit ac117ee8a8ea57b73d34665cdf00ef3303bc0b11 and should be in...

5.5CVSS5.6AI score0.00152EPSS
CVE
CVE
added 2021/11/05 9:45 p.m.80 views

CVE-2021-41202

The CVE-2021-41202 family describes an overflow in TensorFlow's tf.range kernel caused by a conditional int64 = condition ? int64 : double, where implicit C++ casting to double truncates the result. Affected are TF releases in the 2.4.x–2.7.x range (including 2.7.0 and cherry-picks to 2.6.1, 2.5....

5.5CVSS5.4AI score0.00202EPSS
CVE
CVE
added 2021/11/05 9:45 p.m.80 views

CVE-2021-41209

CVE-2021-41209 affects TensorFlow: in affected versions, convolution operator implementations may trigger a division by zero when given empty filter tensor arguments. The issue is fixed in TensorFlow 2.7.0, with cherry-picks to 2.6.1, 2.5.2, and 2.4.4 in scope. Affected products/versions include ...

5.5CVSS5.6AI score0.00136EPSS
CVE
CVE
added 2021/11/05 8:10 p.m.80 views

CVE-2021-41210

TensorFlow vulnerability CVE-2021-41210 (BIT-TENSORFLOW-2021-41210) is a heap-based out-of-bounds read in SparseCountSparseOutput shape inference. Affected TF versions permit reading outside heap memory during shape inference of SparseCountSparseOutput. A fix is planned for TensorFlow 2.7.0, with...

7.1CVSS6.8AI score0.00148EPSS
Total number of security vulnerabilities431