Overflow/crash in `tf.image.resize` when size is large
Description
TensorFlow is an open source platform for machine learning. In affected versions if tf.image.resize is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. The number of elements in the output tensor is too much for the int64_t type and the overflow is detected via a CHECK statement. This aborts the process. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | >= 2.6.0, < 2.6.1 | 2.6.1 |
tensorflowPyPI | >= 2.5.0, < 2.5.2 | 2.5.2 |
tensorflowPyPI | < 2.4.4 | 2.4.4 |
tensorflow-cpuPyPI | >= 2.6.0, < 2.6.1 | 2.6.1 |
tensorflow-cpuPyPI | >= 2.5.0, < 2.5.2 | 2.5.2 |
tensorflow-cpuPyPI | < 2.4.4 | 2.4.4 |
tensorflow-gpuPyPI | >= 2.6.0, < 2.6.1 | 2.6.1 |
tensorflow-gpuPyPI | >= 2.5.0, < 2.5.2 | 2.5.2 |
tensorflow-gpuPyPI | < 2.4.4 | 2.4.4 |
Affected products
1- Range: >= 2.6.0, < 2.6.1
Patches
1e5272d4204ffMerge pull request #51497 from yongtang:46914-image.resize
2 files changed · +17 −5
tensorflow/core/util/image_resizer_state.h+9 −5 modified@@ -143,11 +143,15 @@ struct ImageResizerState { void ValidateAndCreateOutput(OpKernelContext* context) { ValidateAndCalculateOutputSize(context); if (!context->status().ok()) return; - OP_REQUIRES_OK( - context, - context->allocate_output( - 0, TensorShape({batch_size, out_height, out_width, channels}), - &output)); + + TensorShape shape; + // Guard against shape overflow + OP_REQUIRES_OK(context, shape.AddDimWithStatus(batch_size)); + OP_REQUIRES_OK(context, shape.AddDimWithStatus(out_height)); + OP_REQUIRES_OK(context, shape.AddDimWithStatus(out_width)); + OP_REQUIRES_OK(context, shape.AddDimWithStatus(channels)); + + OP_REQUIRES_OK(context, context->allocate_output(0, shape, &output)); } int64_t batch_size;
tensorflow/python/ops/image_ops_test.py+8 −0 modified@@ -3161,6 +3161,14 @@ def testPreserveAspectRatioSquare(self): self._assertResizeCheckShape(x, x_shape, [320, 320], [320, 320, 3]) + def testLargeDim(self): + with self.session(): + with self.assertRaises(errors.InternalError): + x = np.ones((5, 1, 1, 2)) + v = image_ops.resize_images_v2(x, [1610637938, 1610637938], + image_ops.ResizeMethod.BILINEAR) + _ = self.evaluate(v) + class ResizeImagesTest(test_util.TensorFlowTestCase, parameterized.TestCase):
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- github.com/advisories/GHSA-5hx2-qx8j-qjqmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-41199ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-609.yamlghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-807.yamlghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-392.yamlghsaWEB
- github.com/tensorflow/tensorflow/commit/e5272d4204ff5b46136a1ef1204fc00597e21837ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/issues/46914ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-5hx2-qx8j-qjqmghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.