VYPR

PyPI package

tensorflow

pkg:pypi/tensorflow

Vulnerabilities (427)

  • CVE-2022-23584HigFeb 4, 2022
    affected < 2.5.3fixed 2.5.3

    Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will b

  • CVE-2022-23583MedFeb 4, 2022
    affected < 2.5.3fixed 2.5.3

    Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such tha

  • CVE-2022-23582MedFeb 4, 2022
    affected < 2.5.3fixed 2.5.3

    Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that `TensorByteSize` would trigger `CHECK` failures. `TensorShape` constructor throws a `CHECK`-fail if shape is partial or has a number of ele

  • CVE-2022-23581MedFeb 4, 2022
    affected < 2.5.3fixed 2.5.3

    Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `IsSimplifiableReshape` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We wil

  • CVE-2022-23580MedFeb 4, 2022
    affected < 2.5.3fixed 2.5.3

    Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, Te

  • CVE-2022-23579MedFeb 4, 2022
    affected < 2.5.3fixed 2.5.3

    Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `SafeToRemoveIdentity` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will

  • CVE-2022-23578MedFeb 4, 2022
    affected < 2.5.3fixed 2.5.3

    Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was pr

  • CVE-2022-23577MedFeb 4, 2022
    affected < 2.5.3fixed 2.5.3

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and

  • CVE-2022-23576MedFeb 4, 2022
    affected < 2.5.3fixed 2.5.3

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a l

  • CVE-2022-23575MedFeb 4, 2022
    affected < 2.5.3fixed 2.5.3

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will b

  • CVE-2022-23574HigFeb 4, 2022
    affected < 2.5.3fixed 2.5.3

    Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's `SpecializeType` which results in heap OOB read/write. Due to a typo, `arg` is initialized to the `i`th mutable argument in a loop where the loop index is `j`. Hence it is possible to assign

  • CVE-2022-23573HigFeb 4, 2022
    affected < 2.5.3fixed 2.5.3

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (t

  • CVE-2022-23572MedFeb 4, 2022
    affected < 2.5.3fixed 2.5.3

    Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the `DCHECK` function however, `DCHECK` is a no-op in production builds and an assertion failure in debug bui

  • CVE-2022-23571MedFeb 4, 2022
    affected < 2.5.3fixed 2.5.3

    Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments, if the tensors have an invalid `dtype` and 0 elements or an invalid

  • CVE-2022-23570MedFeb 4, 2022
    affected < 2.5.3fixed 2.5.3

    Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op

  • CVE-2022-23566HigFeb 4, 2022
    affected < 2.5.3fixed 2.5.3

    Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2

  • CVE-2022-23565MedFeb 4, 2022
    affected < 2.5.3fixed 2.5.3

    Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a `SavedModel` on disk such that `AttrDef`s of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick

  • CVE-2022-23564MedFeb 4, 2022
    affected < 2.5.3fixed 2.5.3

    Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services i

  • CVE-2022-23563HigFeb 4, 2022
    affected < 2.5.3fixed 2.5.3

    Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check f

  • CVE-2022-23562HigFeb 4, 2022
    affected < 2.5.3fixed 2.5.3

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `Range` suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. The fix will be included in TensorFlow 2.8.0. We will also cherrypick th

Page 8 of 22