PyPI package
tensorflow
pkg:pypi/tensorflow
Vulnerabilities (427)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-16778 | — | | | < 1.15.0 | 1.15.0 | Dec 16, 2019 | In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of boun |
| CVE-2018-7575 | — | | | >= 1.0.0, < 1.7.1 | 1.7.1 | Apr 24, 2019 | Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent. |
| CVE-2019-9635 | — | | | >= 1.0.0, < 1.12.1 | 1.12.1 | Apr 24, 2019 | NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file. |
| CVE-2018-10055 | — | | | >= 1.1.0, < 1.7.1 | 1.7.1 | Apr 24, 2019 | Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file. |
| CVE-2018-7577 | — | | | >= 1.1.0, < 1.7.1 | 1.7.1 | Apr 24, 2019 | Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory. |
| CVE-2018-8825 | — | | | >= 1.5.0, < 1.7.1 | 1.7.1 | Apr 23, 2019 | Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). |
| CVE-2018-7576 | — | | | >= 1.0.0, < 1.6.0 | 1.6.0 | Apr 23, 2019 | Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent. |