TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service ...

pip/tensorflow-cpu<2.11.1

pip/tensorflow<2.11.1

Google TensorFlow<2.11.1

TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in ve...

Google TensorFlow<2.12.0

TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements o...

Google TensorFlow<2.12.0

TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a paramet...

Google TensorFlow<2.12.0

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating poi...

Google TensorFlow<2.12.0

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.1...

Google TensorFlow<2.12.0

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 <= num_frames * height * width * channels < 2^32`, for example Full ...

Google TensorFlow<2.12.0

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0...

Google TensorFlow<2.12.0

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.

Google TensorFlow<2.12.0

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in T...

Google TensorFlow<2.12.0

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` wil...

Google TensorFlow<2.12.0

TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the ...

Google TensorFlow<2.12.0

TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remot...

Google TensorFlow<2.12.0

TensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in TensorF...

Google TensorFlow<2.12.0

TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

Google TensorFlow<2.12.0

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.

Google TensorFlow<2.12.0

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can...

Google TensorFlow<2.12.0

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error....

Google TensorFlow<2.12.0

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and v...

Google TensorFlow<2.12.0

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. ...

Google TensorFlow<2.12.0

TensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11...

Google TensorFlow<2.12.0

TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than o...

Google TensorFlow<2.8.4

Google TensorFlow>=2.9.0<2.9.3

Google TensorFlow=2.10.0

TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than o...

pip/tensorflow-gpu>=2.10.0<2.10.1

pip/tensorflow-cpu>=2.10.0<2.10.1

pip/tensorflow-gpu>=2.9.0<2.9.3

pip/tensorflow-cpu>=2.9.0<2.9.3

pip/tensorflow-gpu<2.8.4

pip/tensorflow-cpu<2.8.4

and 6 more

TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a `const char*` array (since that's the underlying storage) and then we typecast it to the eleme...

Google TensorFlow<2.8.4

Google TensorFlow>=2.9.0<2.9.3

Google TensorFlow=2.10.0

TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToCompon...

Google TensorFlow<2.8.4

Google TensorFlow>=2.9.0<2.9.3

Google TensorFlow=2.10.0

TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub comm...

Google TensorFlow<2.8.4

Google TensorFlow>=2.9.0<2.9.3

Google TensorFlow=2.10.0

TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af...

Google TensorFlow<2.8.4

Google TensorFlow>=2.9.0<2.9.3

Google TensorFlow>=2.10.0<2.10.1

TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. We have ...

Google TensorFlow<2.8.4

Google TensorFlow>=2.9.0<2.9.3

Google TensorFlow>=2.10.0<2.10.1

TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerab...

Google TensorFlow<2.8.4

Google TensorFlow>=2.9.0<2.9.3

Google TensorFlow=2.10.0

TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in G...

Google TensorFlow<2.8.4

Google TensorFlow>=2.9.0<2.9.3

Google TensorFlow=2.10.0

TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched t...

Google TensorFlow<2.8.4

Google TensorFlow>=2.9.0<2.9.3

Google TensorFlow>=2.10.0<2.10.1

TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351eda...

Google TensorFlow<2.8.4

Google TensorFlow>=2.9.0<2.9.3

Google TensorFlow>=2.10.0<2.10.1

TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717c...

Google TensorFlow<2.8.4

Google TensorFlow>=2.9.0<2.9.3

Google TensorFlow>=2.10.0<2.10.1

TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash....

Google TensorFlow<2.8.4

Google TensorFlow>=2.9.0<2.9.3

Google TensorFlow>=2.10.0<2.10.1

TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result....

Google TensorFlow<2.8.4

Google TensorFlow>=2.9.0<2.9.3

Google TensorFlow>=2.10.0<2.10.1

TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial ...

Google TensorFlow<2.8.4

Google TensorFlow>=2.9.0<2.9.3

Google TensorFlow>=2.10.0<2.10.1

TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can ...

Google TensorFlow<2.8.4

Google TensorFlow>=2.9.0<2.9.3

Google TensorFlow>=2.10.0<2.10.1

TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results segmentation fault which can be used to trigger a denial of service...

Google TensorFlow<2.8.4

Google TensorFlow>=2.9.0<2.9.3

Google TensorFlow>=2.10.0<2.10.1

TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have...

Google TensorFlow<2.8.4

Google TensorFlow>=2.9.0<2.9.3

Google TensorFlow>=2.10.0<2.10.1

TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not ...

Google TensorFlow<2.8.4

Google TensorFlow>=2.9.0<2.9.3

Google TensorFlow>=2.10.0<2.10.1

TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea...

Google TensorFlow<2.8.4

Google TensorFlow>=2.9.0<2.9.3

Google TensorFlow=2.10.0

TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions...

Google TensorFlow>=2.9.0<2.9.3

Google TensorFlow=2.10.0

TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d5682...

Google TensorFlow<2.7.4

Google TensorFlow>=2.8.0<2.8.1

Google TensorFlow>=2.9.0<2.9.1

Google TensorFlow=2.10.0-rc0

Google TensorFlow=2.10.0-rc1

Google TensorFlow=2.10.0-rc2

and 1 more

TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We hav...

Google TensorFlow<2.8.4

Google TensorFlow>=2.9.0<2.9.3

Google TensorFlow=2.10.0

TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value in `true_classes` larger than `range_max`, a heap oob read occurs. We have patch...

Google TensorFlow<2.8.4

Google TensorFlow>=2.9.0<2.9.3

Google TensorFlow=2.10.0

TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub ...

Google TensorFlow=2.10.0

Google TensorFlow=2.10.0-rc0

Google TensorFlow=2.10.0-rc1

Google TensorFlow=2.10.0-rc2

Google TensorFlow=2.10.0-rc3

TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the i...

Google TensorFlow<2.7.2

Google TensorFlow>=2.8.0<2.8.1

Google TensorFlow>=2.9.0<2.9.1

Google TensorFlow=2.10-rc0

Google TensorFlow=2.10-rc1

Google TensorFlow=2.10-rc2

and 1 more

TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it crashes. We have patched the issue in GitHub co...

Google TensorFlow<2.7.2

Google TensorFlow>=2.8.0<2.8.1

Google TensorFlow>=2.9.0<2.9.1

Google TensorFlow=2.10-rc0

Google TensorFlow=2.10-rc1

Google TensorFlow=2.10-rc2

and 1 more

TensorFlow is an open source platform for machine learning. When `mlir::tfg::TFOp::nameAttr` receives null type list attributes, it crashes. We have patched the issue in GitHub commits 3a754740d5414e3...

Google TensorFlow<2.7.2

Google TensorFlow>=2.8.0<2.8.1

Google TensorFlow>=2.9.0<2.9.1

Google TensorFlow=2.10-rc0

Google TensorFlow=2.10-rc1

Google TensorFlow=2.10-rc2

and 1 more

TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We hav...

Google TensorFlow<2.7.2

Google TensorFlow>=2.8.0<2.8.1

Google TensorFlow>=2.9.0<2.9.1

Google TensorFlow=2.10-rc0

Google TensorFlow=2.10-rc1

Google TensorFlow=2.10-rc2

and 1 more

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

© 2023 SecAlerts Pty Ltd.

ABN: 70 645 966 203, ACN: 645 966 203

ABN: 70 645 966 203, ACN: 645 966 203