Moderate severityNVD Advisory· Published Nov 18, 2022· Updated Apr 22, 2025
Overflow in `ResizeNearestNeighborGrad` in Tensorflow
CVE-2022-41907
Description
TensorFlow is an open source platform for machine learning. When tf.raw_ops.ResizeNearestNeighborGrad is given a large size input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | < 2.8.4 | 2.8.4 |
tensorflowPyPI | >= 2.9.0, < 2.9.3 | 2.9.3 |
tensorflowPyPI | >= 2.10.0, < 2.10.1 | 2.10.1 |
tensorflow-cpuPyPI | < 2.8.4 | 2.8.4 |
tensorflow-gpuPyPI | < 2.8.4 | 2.8.4 |
tensorflow-cpuPyPI | >= 2.9.0, < 2.9.3 | 2.9.3 |
tensorflow-gpuPyPI | >= 2.9.0, < 2.9.3 | 2.9.3 |
tensorflow-cpuPyPI | >= 2.10.0, < 2.10.1 | 2.10.1 |
tensorflow-gpuPyPI | >= 2.10.0, < 2.10.1 | 2.10.1 |
Affected products
1- Range: >= 2.10.0, < 2.10.1
Patches
100c821af032bFix tf.raw_ops.ResizeNearestNeighborGrad vulnerability with large dimensions.
2 files changed · +24 −5
tensorflow/core/kernels/image/resize_nearest_neighbor_op.cc+5 −5 modified@@ -257,11 +257,11 @@ class ResizeNearestNeighborOpGrad : public OpKernel { const int64_t out_width = sizes(1); Tensor* output = nullptr; - OP_REQUIRES_OK( - context, - context->allocate_output( - 0, TensorShape({batch_size, out_height, out_width, channels}), - &output)); + TensorShape shape; + OP_REQUIRES_OK(context, + TensorShape::BuildTensorShape( + {batch_size, out_height, out_width, channels}, &shape)); + OP_REQUIRES_OK(context, context->allocate_output(0, shape, &output)); // Return if the output is empty. if (output->NumElements() == 0) return;
tensorflow/python/ops/image_ops_test.py+19 −0 modified@@ -4175,6 +4175,25 @@ def testPad(self): self._assertReturns(x, x_shape, y, y_shape) +class ResizeNearestNeighborGrad(test_util.TensorFlowTestCase): + + def testSizeTooLarge(self): + align_corners = True + half_pixel_centers = False + grads = constant_op.constant(1, shape=[1, 8, 16, 3], dtype=dtypes.float16) + size = constant_op.constant([1879048192, 1879048192], + shape=[2], + dtype=dtypes.int32) + with self.assertRaisesRegex(errors.InvalidArgumentError, + r"Encountered overflow when multiplying"): + self.evaluate( + gen_image_ops.ResizeNearestNeighborGrad( + grads=grads, + size=size, + align_corners=align_corners, + half_pixel_centers=half_pixel_centers)) + + class ResizeImageWithCropOrPadTest(test_util.TensorFlowTestCase): def _ResizeImageWithCropOrPad(self, x, target_height, target_width,
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-368v-7v32-52fxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-41907ghsaADVISORY
- github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/resize_nearest_neighbor_op.ccghsaWEB
- github.com/tensorflow/tensorflow/commit/00c821af032ba9e5f5fa3fe14690c8d28a657624ghsaWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fxghsaWEB
News mentions
0No linked articles in our index yet.