VYPR
High severity · NVD Advisory · Published Feb 4, 2022 · Updated Apr 22, 2025

Integer overflow in Tensorflow

CVE-2022-23587

Description

TensorFlow is an open source machine learning framework. Under certain scenarios, the Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for the crop-and-resize op (OpLevelCostEstimator::PredictCropAndResize): the crop height, crop width and number of boxes are multiplied together in signed 64-bit arithmetic with no range check. Since the cropping parameters are user controlled, a malicious person can supply values whose product does not fit in int64 and trigger undefined behavior (signed integer overflow). The fix will be included in TensorFlow 2.8.0. It will also be cherry-picked onto TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in the supported range.
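The following is an added example, not TensorFlow's code: a small model of the estimator's crop-and-resize arithmetic that puts the unchecked height * width * boxes product next to a checked variant written in the style of the fix. MultiplyWithoutOverflow is reimplemented here with the same contract the patch relies on (a negative return means overflow); the function names UncheckedCropOps and CheckedCropOps and the per-box, per-row and per-pixel weight constants are constructed for the example and are not TensorFlow's. The checked variant also guards the multiplication by the cost weight and the final sum, which goes one step beyond the patch on this page.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <string>

// Checked 64-bit multiply with the contract the patch relies on: a negative
// return value means the product overflowed (or an input was negative).
// Reimplemented for this example; not TensorFlow's own helper.
int64_t MultiplyWithoutOverflow(int64_t x, int64_t y) {
  if (x < 0 || y < 0) return -1;
  const uint64_t ux = static_cast<uint64_t>(x);
  const uint64_t uy = static_cast<uint64_t>(y);
  if (ux != 0 && uy > std::numeric_limits<uint64_t>::max() / ux) return -1;
  const uint64_t p = ux * uy;
  if (p > static_cast<uint64_t>(std::numeric_limits<int64_t>::max())) return -1;
  return static_cast<int64_t>(p);
}

struct CostResult {
  bool ok;
  int64_t ops;        // meaningful only when ok
  std::string error;  // set only when !ok
};

// Constructed weights standing in for the estimator's per-box, per-row and
// per-pixel cost sums (the real values are not on this page).
constexpr int64_t kPerBoxWeight = 10;
constexpr int64_t kPerRowWeight = 4;
constexpr int64_t kPerPixelWeight = 4;

// Pre-fix shape of the computation: height * width * boxes with no range
// check. Signed overflow is undefined behaviour in C++, so the wraparound is
// made explicit with unsigned arithmetic to show what an attacker gets.
int64_t UncheckedCropOps(int64_t crop_height, int64_t crop_width,
                         int64_t num_boxes) {
  const uint64_t h = static_cast<uint64_t>(crop_height);
  const uint64_t w = static_cast<uint64_t>(crop_width);
  const uint64_t n = static_cast<uint64_t>(num_boxes);
  uint64_t ops = kPerBoxWeight * n;
  ops += kPerRowWeight * h * n;
  ops += kPerPixelWeight * h * w * n;  // wraps modulo 2^64 for large inputs
  return static_cast<int64_t>(ops);
}

// Post-fix shape: every product fed by user-controlled crop parameters goes
// through the checked multiply, including the scaling by the cost weight and
// the final sum, and the request is rejected instead of computing garbage.
CostResult CheckedCropOps(int64_t crop_height, int64_t crop_width,
                          int64_t num_boxes) {
  auto fail = [](const std::string& what) {
    return CostResult{false, 0, "Cannot estimate cost: " + what};
  };
  const int64_t crop_area = MultiplyWithoutOverflow(crop_height, crop_width);
  if (crop_area < 0) return fail("crop_height * crop_width overflows");
  const int64_t crop_volume = MultiplyWithoutOverflow(crop_area, num_boxes);
  if (crop_volume < 0) return fail("crop_area * num_boxes overflows");
  const int64_t crop_depth = MultiplyWithoutOverflow(crop_height, num_boxes);
  if (crop_depth < 0) return fail("crop_height * num_boxes overflows");

  const int64_t box_ops = MultiplyWithoutOverflow(kPerBoxWeight, num_boxes);
  const int64_t row_ops = MultiplyWithoutOverflow(kPerRowWeight, crop_depth);
  const int64_t pixel_ops = MultiplyWithoutOverflow(kPerPixelWeight, crop_volume);
  if (box_ops < 0 || row_ops < 0 || pixel_ops < 0)
    return fail("weighted op count overflows");
  // Each term fits int64, but their sum may not.
  const int64_t kMax = std::numeric_limits<int64_t>::max();
  if (box_ops > kMax - row_ops || box_ops + row_ops > kMax - pixel_ops)
    return fail("summed op count overflows");
  return CostResult{true, box_ops + row_ops + pixel_ops, ""};
}

int main() {
  const CostResult small = CheckedCropOps(2, 3, 4);
  std::printf("small crop: ok=%d ops=%lld\n", small.ok,
              static_cast<long long>(small.ops));
  // A 2^31 x 2^31 crop: the raw area still fits int64, the weighted term does not.
  const CostResult huge = CheckedCropOps(int64_t{1} << 31, int64_t{1} << 31, 1);
  std::printf("huge crop: ok=%d error=%s\n", huge.ok, huge.error.c_str());
  std::printf("unchecked estimate for the same crop: %lld\n",
              static_cast<long long>(
                  UncheckedCropOps(int64_t{1} << 31, int64_t{1} << 31, 1)));
  return 0;
}
```

For the 2^31 x 2^31 crop the unchecked estimate silently drops the whole per-pixel term (4 * 2^62 wraps to 0), so the optimizer would be steered by a cost that is off by a factor of roughly 2^31; the checked version refuses the request with an InvalidArgument-style error instead.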

Affected packages

Versions sourced from the GitHub Security Advisory.

Package          Ecosystem   Affected versions     Patched version
tensorflow       PyPI        < 2.5.3               2.5.3
tensorflow       PyPI        >= 2.6.0, < 2.6.3     2.6.3
tensorflow       PyPI        >= 2.7.0, < 2.7.1     2.7.1
tensorflow-cpu   PyPI        < 2.5.3               2.5.3
tensorflow-cpu   PyPI        >= 2.6.0, < 2.6.3     2.6.3
tensorflow-cpu   PyPI        >= 2.7.0, < 2.7.1     2.7.1
tensorflow-gpu   PyPI        < 2.5.3               2.5.3
tensorflow-gpu   PyPI        >= 2.6.0, < 2.6.3     2.6.3
tensorflow-gpu   PyPI        >= 2.7.0, < 2.7.1     2.7.1

Affected products: 1

Patches (1)

Commit 0aaaae6eca5a

Prevent overflow in grappler cost estimation of crop&resize op.

https://github.com/tensorflow/tensorflow · Mihai Maruseac · Nov 13, 2021 · via ghsa
1 file changed · +22 -7
  • tensorflow/core/grappler/costs/op_level_cost_estimator.cc (+22 -7, modified)
    @@ -2681,27 +2681,42 @@ Status OpLevelCostEstimator::PredictCropAndResize(const OpContext& op_context,
       // calculation differs from rough estimate in implementation, as it separates
       // out cost per box from cost per pixel and cost per element.
     
    +  // Since crop arguments are user controlled, check for overflow.
    +  int64_t crop_area = MultiplyWithoutOverflow(crop_height, crop_width);
    +  if (crop_area < 0)
    +    return errors::InvalidArgument("Cannot estimate cost, multiplying ",
    +                                   crop_height, " with ", crop_width,
    +                                   " would overflow");
    +  int64_t crop_volume = MultiplyWithoutOverflow(crop_area, num_boxes);
    +  if (crop_volume < 0)
    +    return errors::InvalidArgument("Cannot estimate cost, multiplying ",
    +                                   crop_area, " with ", num_boxes,
    +                                   " would overflow");
    +  int64_t crop_depth = MultiplyWithoutOverflow(crop_height, num_boxes);
    +  if (crop_depth < 0)
    +    return errors::InvalidArgument("Cannot estimate cost, multiplying ",
    +                                   crop_height, " with ", num_boxes,
    +                                   " would overflow");
    +
       // Ops for variables height_scale and width_scale.
       int64_t ops = (sub_cost * 6 + mul_cost * 2 + div_cost * 2) * num_boxes;
       // Ops for variable in_y.
    -  ops += (mul_cost * 2 + sub_cost + add_cost) * crop_height * num_boxes;
    +  ops += (mul_cost * 2 + sub_cost + add_cost) * crop_depth;
       // Ops for variable in_x (same computation across both branches).
    -  ops += (mul_cost * 2 + sub_cost + add_cost) * crop_height * crop_width *
    -         num_boxes;
    +  ops += (mul_cost * 2 + sub_cost + add_cost) * crop_volume;
       // Specify op_cost based on the method.
       if (use_bilinear_interp) {
         // Ops for variables top_y_index, bottom_y_index, y_lerp.
    -    ops += (floor_cost + ceil_cost + sub_cost) * crop_height * num_boxes;
    +    ops += (floor_cost + ceil_cost + sub_cost) * crop_depth;
         // Ops for variables left_x, right_x, x_lerp;
    -    ops += (floor_cost + ceil_cost + sub_cost) * crop_height * crop_width *
    -           num_boxes;
    +    ops += (floor_cost + ceil_cost + sub_cost) * crop_volume;
         // Ops for innermost loop across depth.
         ops +=
             (cast_to_float_cost * 4 + add_cost * 3 + sub_cost * 3 + mul_cost * 3) *
             output_elements;
       } else /* method == "nearest" */ {
         // Ops for variables closest_x_index and closest_y_index.
    -    ops += round_cost * 2 * crop_height * crop_width * num_boxes;
    +    ops += round_cost * 2 * crop_volume;
         // Ops for innermost loop across depth.
         ops += cast_to_float_cost * output_elements;
       }
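Review bot: the new guards only cover the raw products crop_height * crop_width, crop_area * num_boxes and crop_height * num_boxes; the multiplications that actually feed `ops` are still unchecked, e.g. `ops += (mul_cost * 2 + sub_cost + add_cost) * crop_volume;` and `ops += round_cost * 2 * crop_volume;`, so a crop_volume that passes the guard but sits near INT64_MAX still overflows once it is scaled by the cost weights, and the running `ops +=` sum is unchecked as well. The same applies to the untouched `int64_t ops = (sub_cost * 6 + mul_cost * 2 + div_cost * 2) * num_boxes;` and to the `output_elements` terms in both branches. Suggest routing the weighted products through MultiplyWithoutOverflow too (or validating crop_volume and num_boxes against a conservative bound such as INT64_MAX divided by the largest weight) and returning InvalidArgument on a negative result, and adding a comment that the `< 0` tests depend on MultiplyWithoutOverflow signalling overflow with a negative return value.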
    

