tensorflow is vulnerable to denial of service. The vulnerability exists in the DoImageProjectiveTransformOp
function of image_ops.cc
, allowing an attacker to crash the application by providing large output shapes.
github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/image_ops.cc
github.com/tensorflow/tensorflow/commit/1824fc104a46a8ad2c9617385cbf412a14865081
github.com/tensorflow/tensorflow/commit/4075eb0526894680f19a93db8d31dce0a2d98569
github.com/tensorflow/tensorflow/commit/8faa6ea692985dbe6ce10e1a3168e0bd60a723ba
github.com/tensorflow/tensorflow/commit/acb059e4417ee8271150740af058f8cbc8ebf151
github.com/tensorflow/tensorflow/pull/57992
github.com/tensorflow/tensorflow/pull/57993
github.com/tensorflow/tensorflow/pull/57994
github.com/tensorflow/tensorflow/security/advisories/GHSA-54pp-c6pp-7fpx