Lucene search
K
GoogleTensorflow

431 matches found

CVE
CVE
added 2021/11/05 8:10 p.m.80 views

CVE-2021-41210

TensorFlow vulnerability CVE-2021-41210 (BIT-TENSORFLOW-2021-41210) is a heap-based out-of-bounds read in SparseCountSparseOutput shape inference. Affected TF versions permit reading outside heap memory during shape inference of SparseCountSparseOutput. A fix is planned for TensorFlow 2.7.0, with...

7.1CVSS6.8AI score0.00148EPSS
CVE
CVE
added 2022/09/16 10:10 p.m.80 views

CVE-2022-36005

TensorFlow vulnerability CVE-2022-36005: a CHECK failure in tf.quantization.fake_quant_with_min_max_vars_gradient when min or max inputs are non-scalar can trigger a denial of service. A patch is committed (f3cf67ac5705f4f04721d15e485e192bb319feed) and will be included in TensorFlow 2.10.0; the f...

7.5CVSS6.5AI score0.00396EPSS
CVE
CVE
added 2019/04/24 4:17 p.m.79 views

CVE-2018-10055

CVE-2018-10055 affects the TensorFlow XLA compiler in Google TensorFlow prior to 1.7.1. The issue is an invalid memory access and/or a heap buffer overflow triggered by a crafted configuration file, which could cause a crash or allow reading from other parts of process memory. Connected documents...

8.1CVSS7.9AI score0.00442EPSS
CVE
CVE
added 2019/04/24 4:30 p.m.79 views

CVE-2019-9635

CVE-2019-9635 : A NULL pointer dereference in Google TensorFlow (pre-1.12.2) can cause a denial of service via an invalid GIF file. Affected: TensorFlow versions before 1.12.2. Root cause: NULL pointer dereference in GIF handling. Impact: DoS. Mitigation: upgrade to TensorFlow 1.12.2 or later (as...

6.5CVSS6.1AI score0.00453EPSS
CVE
CVE
added 2020/09/25 6:40 p.m.79 views

CVE-2020-15196

CVE-2020-15196 affects TensorFlow 2.3.0: SparseCountSparseOutput and RaggedCountSparseOutput do not validate that the weights tensor has the same shape as the data, allowing reads beyond the weights buffer when fewer weights are provided. This heap-based overflow is mitigated in TensorFlow 2.3.1 ...

9.9CVSS9.1AI score0.00902EPSS
CVE
CVE
added 2021/08/12 9:45 p.m.79 views

CVE-2021-37680

CVE-2021-37680 affects TensorFlow/TSLite, where the division-by-zero vulnerability resides in the implementation of fully connected layers in TFLite. The issue is triggered by a crafted input causing batch_size calculation (input_size / filter->dims->data[1]) to divide by zero. A patch is p...

5.5CVSS5.6AI score0.00152EPSS
CVE
CVE
added 2021/11/05 8:55 p.m.79 views

CVE-2021-41217

CVE-2021-41217 concerns TensorFlow: a null pointer dereference in the control-flow graph construction when paired nodes like Enter/Exit are not properly ordered. The vulnerability causes a crash due to dereferencing a null parent in the pairing logic. A fix is included in TensorFlow 2.7.0, with c...

5.5CVSS5.6AI score0.00181EPSS
CVE
CVE
added 2022/09/16 7:45 p.m.79 views

CVE-2022-35940

TensorFlow RaggedRangOp is affected by CVE-2022-35940: if limits contains a very large float, converting to int64 can overflow, causing an InvalidArgument and an abort that crashes the program. Patch available in commit 37cefa91bee4eace55715eeef43720b958a01192; expected in TensorFlow 2.10.0 with ...

7.5CVSS6.6AI score0.00547EPSS
CVE
CVE
added 2022/09/16 8:45 p.m.79 views

CVE-2022-35969

TensorFlow CVE-2022-35969 stems from Conv2DBackpropInput requiring input_sizes to be 4-dimensional; non-conforming input can trigger a CHECK failure that allows denial of service. A fix was committed (50156d547b9a1da0144d7babe665cf690305b33c) and will be included in TensorFlow 2.10.0, with cherry...

7.5CVSS6.3AI score0.00383EPSS
CVE
CVE
added 2021/05/14 6:55 p.m.78 views

CVE-2021-29512

TensorFlow RaggedBincount vulnerability (CVE-2021-29512) involves a heap-based buffer overflow when the splits argument does not specify a valid SparseTensor. Affected path shows reads beyond splits bounds inside RaggedBincount. The issue is triggered by user-controlled splits containing a single...

7.8CVSS5.5AI score0.00211EPSS
CVE
CVE
added 2021/11/05 10:20 p.m.78 views

CVE-2021-41220

CVE-2021-41220 (TensorFlow) — Normal details The vulnerability affects TensorFlow's async CollectiveReduceV2, causing a memory leak and use-after-free when objects moved via std::move are still accessed during asynchronous processing. The issue path is described in the CVE entry and related advis...

7.8CVSS7.5AI score0.00204EPSS
CVE
CVE
added 2020/12/10 10:10 p.m.77 views

CVE-2020-26271

CVE-2020-26271 : TensorFlow contains a heap out-of-bounds access in MakeEdge when wiring graph edges, caused by missing bounds checks on indices into arrays of tensor data. This can lead to uninitialized memory access and, in certain cases, leakage of library addresses. The description notes the ...

4.4CVSS3.8AI score0.00213EPSS
CVE
CVE
added 2022/09/16 8:35 p.m.77 views

CVE-2022-35966

CVE-2022-35966 affects TensorFlow. When QuantizedAvgPool is given min_input or max_input tensors of a nonzero rank, it can cause a segfault that enables a denial of service. The issue has been patched in GitHub commit 7cdf9d4d2083b739ec81cfdace546b0c99f50622 and the fix will be included in Tensor...

7.5CVSS6.4AI score0.00409EPSS
CVE
CVE
added 2022/09/16 8:40 p.m.77 views

CVE-2022-35968

TensorFlow: CVE-2022-35968 affects AvgPoolGrad where input orig_input_shape is not fully validated, triggering a CHECK failure that can cause a denial of service. A patch was applied in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f and the fix is scheduled for TensorFlow 2.10.0, with che...

7.5CVSS6.3AI score0.00396EPSS
CVE
CVE
added 2022/09/16 8:45 p.m.77 views

CVE-2022-35970

CVE-2022-35970 affects TensorFlow’s QuantizedInstanceNorm. When x_min or x_max are tensors of a nonzero rank, a segfault occurs, enabling a denial of service as described in the entry. The issue is fixed in the GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0 and the fix is to be included i...

7.5CVSS6.4AI score0.00423EPSS
CVE
CVE
added 2022/09/16 9:0 p.m.76 views

CVE-2022-35972

TensorFlow CVE-2022-35972 concerns a segfault in QuantizedBiasAdd when given min_input, max_input, min_bias, max_bias with a nonzero rank, leading to a denial of service. A patch was applied in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0, with the fix slated for TensorFlow 2.10.0. The ...

7.5CVSS6.4AI score0.00409EPSS
CVE
CVE
added 2022/09/16 9:30 p.m.76 views

CVE-2022-35982

TensorFlow CVE-2022-35982 describes a segfault in SparseBincount when inputs do not form a valid sparse tensor, potentially enabling a denial of service. A patch was applied in commit 40adbe4dd15b582b0210dfbf40c243a62f5119fa, with the fix scheduled for TensorFlow 2.10.0 and cherry-picked for Tens...

7.5CVSS6.4AI score0.00423EPSS
CVE
CVE
added 2019/04/23 8:44 p.m.75 views

CVE-2018-7576

CVE-2018-7576 relates to Google TensorFlow, affecting 1.6.x and earlier due to a null pointer dereference. The available descriptions indicate the exploitation is context‑dependent. The connected documents corroborate the TensorFlow association but do not provide concrete remediation details (pat...

6.5CVSS6.3AI score0.0038EPSS
CVE
CVE
added 2022/09/16 9:35 p.m.75 views

CVE-2022-35989

CVE-2022-35989 affects TensorFlow, where MaxPool on GPU can trigger a denial of service when a ksize window is larger than the input tensor. Root cause: a GPU kernel CHECK failure in MaxPool. Mitigation/fix: patch committed (32d7bd3defd134f21a4e344c8dfd40099aaf6b18); fix to be included in TensorF...

7.5CVSS6.2AI score0.00396EPSS
CVE
CVE
added 2021/11/05 8:5 p.m.74 views

CVE-2021-41201

TensorFlow CVE-2021-41201: The issue is an uninitialized flag in EinsumHelper::ParseEquation that only ever sets input_has_ellipsis/output_has_ellipsis to true, leaving potential uninitialized access when callers expect both true/false values. This affects multiple TF releases (2.4.x–2.7.x) and i...

7.8CVSS7.5AI score0.00241EPSS
CVE
CVE
added 2021/11/05 9:5 p.m.72 views

CVE-2021-41203

TensorFlow vulnerability CVE-2021-41203 (checkpoint loading) is due to missing validation for invalid checkpoint file formats. This allows a local attacker to trigger undefined behavior, integer overflows, segfaults, and CHECK-fail crashes by altering saved checkpoints from outside TensorFlow. Af...

7.8CVSS7.5AI score0.00183EPSS
CVE
CVE
added 2021/11/05 8:20 p.m.72 views

CVE-2021-41224

TensorFlow SparseFillEmptyRows vulnerability (CVE-2021-41224): heap-based out-of-bounds access triggered when indices length does not match values length. Affected in TF versions before 2.7.0; fix included in TF 2.7.0 and cherry-picked to 2.6.1, 2.5.2, and 2.4.4. Remediation: upgrade to TF 2.7.0+...

7.1CVSS6.8AI score0.00201EPSS
CVE
CVE
added 2024/07/30 7:27 p.m.72 views

CVE-2023-33976

CVE-2023-33976: TensorFlow is vulnerable to a denial-of-service crash due to a segfault in array_ops.upper_bound when not given a rank-2 tensor. The documented root cause is a segfault in array_ops.upper_bound; impact is a crash that can be triggered remotely as described in the advisory. The pub...

7.5CVSS7.5AI score0.00429EPSS
CVE
CVE
added 2021/11/05 8:15 p.m.71 views

CVE-2021-41211

CVE-2021-41211 / BIT-tensorflow-2021-41211 : TensorFlow’s QuantizeV2 shape inference can read outside the heap when axis

7.1CVSS6.8AI score0.00201EPSS
CVE
CVE
added 2022/09/16 8:35 p.m.71 views

CVE-2022-35967

CVE-2022-35967 affects TensorFlow: a segfault in QuantizedAdd when min_input or max_input tensors have nonzero rank can trigger a denial of service. The issue has been patched in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89, with the fix planned for TensorFlow 2.10.0 and cherry-picked t...

7.5CVSS6.4AI score0.00409EPSS
CVE
CVE
added 2022/09/16 8:25 p.m.69 views

CVE-2022-35964

TensorFlow BlockLSTMGradV2 has an input validation flaw that can trigger a segfault/DoS. A patch was committed (2a458fc4866505be27c62f81474ecb2b870498fa) and will be included in TensorFlow 2.10.0; the fix will be cherry-picked to TF 2.9.1, 2.8.1, and 2.7.2. No public workarounds are provided in t...

7.5CVSS6.3AI score0.00409EPSS
CVE
CVE
added 2022/09/16 9:15 p.m.68 views

CVE-2022-35981

TensorFlow’s FractionalMaxPoolGrad vulnerability (CVE-2022-35981) stems from input validation using CHECK failures instead of proper error handling, enabling a potential denial of service when inputs are incorrectly sized. A fix is available via commit 8741e57d163a079db05a7107a7609af70931def4, an...

7.5CVSS6.4AI score0.00396EPSS
CVE
CVE
added 2020/12/10 10:10 p.m.66 views

CVE-2020-26269

CVE-2020-26269 affects TensorFlow (release candidate 2.4.0rc* and related master branch changes) and describes an access out-of-bounds read in the general filesystem-globbing path matching implementation. The root cause is that invariants and preconditions assumed by the parallel GetMatchingPaths...

7.5CVSS7.4AI score0.00663EPSS
CVE
CVE
added 2022/09/16 7:35 p.m.61 views

CVE-2022-35938

CVE-2022-35938 affects TensorFlow and TensorFlow Lite Micro GatherNd where inputs can trigger an out-of-bounds read or crash when sizes mismatch. The issue is patched in commit 4142e47e9e31db481781b955ed3ff807a781b494 and the fix will be included in TensorFlow 2.10.0, with cherry-picks to 2.9.1, ...

9.1CVSS8.1AI score0.00448EPSS
CVE
CVE
added 2025/09/25 12:0 a.m.22 views

CVE-2025-55556

CVE-2025-55556 affects TensorFlow version 2.18.0, where the Embedding operator may output random results during compilation, causing unexpected application behavior. The issue is described across multiple sources (NVD, OSV entries, and related advisories) as a reproducible defect in Embedding com...

6.5CVSS6.8AI score0.00161EPSS
CVE
CVE
added 2025/09/25 12:0 a.m.20 views

CVE-2025-55559

TensorFlow v2.18.0 has a DoS in tf.keras.layers.Conv2D when padding is set to 'valid'. The issue is tied to the padding handling in Conv2D, with no explicit exploit details provided in the connected documents. Practical impact is Denial of Service (availability) as per the CVE metrics; the precis...

7.5CVSS6.5AI score0.00204EPSS
Total number of security vulnerabilities431