VYPR

Tensorflow

by Nbsdx

pypi: tensorflow

Source repositories

CVEs (430)

  • CVE-2020-26271MedDec 10, 2020
    risk 0.22cvss 4.4epss 0.00

    In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input…

  • CVE-2022-23585MedFeb 4, 2022
    risk 0.21cvss 4.3epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling…

  • CVE-2022-23578MedFeb 4, 2022
    risk 0.21cvss 4.3epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was…

  • CVE-2022-21733MedFeb 3, 2022
    risk 0.21cvss 4.3epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `StringNGrams` can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on `pad_witdh` and that result in…

  • CVE-2022-21732MedFeb 3, 2022
    risk 0.21cvss 4.3epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `ThreadPoolHandle` can be used to trigger a denial of service attack by allocating too much memory. This is because the `num_threads` argument is only checked to not be negative, but there is no upper…

  • CVE-2020-15192MedSep 25, 2020
    risk 0.21cvss 4.3epss 0.01

    In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. The issue occurs because the `status` argument during validation failures is not properly checked. Since each…

  • CVE-2020-15213MedSep 25, 2020
    risk 0.19cvss 4.0epss 0.01

    In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality…

  • CVE-2021-29612LowMay 14, 2021
    risk 0.16cvss 3.6epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in Eigen implementation of `tf.raw_ops.BandedTriangularSolve`. The implementation(https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60…

  • CVE-2021-29611LowMay 14, 2021
    risk 0.16cvss 3.6epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseReshape` results in a denial of service based on a `CHECK`-failure. The implementation(https://github.com/tensorflow/tensorflow/blob/e87b51ce05c3eb172065a6ea5f48415854223285/ten…

  • CVE-2021-29610LowMay 14, 2021
    risk 0.16cvss 3.6epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. The validation in `tf.raw_ops.QuantizeAndDequantizeV2` allows invalid values for `axis` argument:. The validation(https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorfl…

  • CVE-2019-16778LowDec 16, 2019
    risk 0.10cvss 2.6epss 0.01

    In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of…

  • CVE-2021-29619LowMay 14, 2021
    risk 0.09cvss 2.5epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments (e.g., discovered via fuzzing) to `tf.raw_ops.SparseCountSparseOutput` results in segfault. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on…

  • CVE-2021-29618LowMay 14, 2021
    risk 0.09cvss 2.5epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to `tf.transpose` at the same time as passing `conjugate=True` argument results in a crash. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on…

  • CVE-2021-29617LowMay 14, 2021
    risk 0.09cvss 2.5epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via `CHECK`-fail in `tf.strings.substr` with invalid arguments. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2,…

  • CVE-2021-29616LowMay 14, 2021
    risk 0.09cvss 2.5epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. The implementation of TrySimplify(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc#L390-L401) has undefined…

  • CVE-2021-29615LowMay 14, 2021
    risk 0.09cvss 2.5epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. The implementation of `ParseAttrValue`(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/framework/attr_value_util.cc#L397-L453) can be tricked into stack…

  • CVE-2021-29604LowMay 14, 2021
    risk 0.09cvss 2.5epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of hashtable lookup is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2c0cbbeca5a1e833bc8/tensorflow/lite/kernels/hashtable_…

  • CVE-2021-29603LowMay 14, 2021
    risk 0.09cvss 2.5epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB write on heap in the TFLite implementation of `ArgMin`/`ArgMax`(https://github.com/tensorflow/tensorflow/blob/102b211d892f3abc14f845a72047809b39cc65ab/tens…

  • CVE-2021-29602LowMay 14, 2021
    risk 0.09cvss 2.5epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `DepthwiseConv` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2c0cbbeca5a1e833bc8/tensorflow/lite/kernel…

  • CVE-2021-29600LowMay 14, 2021
    risk 0.09cvss 2.5epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `OneHot` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/f61c57bd425878be108ec787f4d96390579fb83e/tensorflow/lite/kernels/one_h…

Page 17 of 22