VYPR

Tensorflow

by Nbsdx

pypi: tensorflow

Source repositories

CVEs (430)

  • CVE-2023-25661MedMar 27, 2023
    risk 0.35cvss 6.5epss 0.00

    TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the `Convolution3DTranspose`…

  • CVE-2023-25667MedMar 25, 2023
    risk 0.35cvss 6.5epss 0.00

    TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 <= num_frames * height * width * channels < 2^32`, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version…

  • CVE-2022-23589MedFeb 4, 2022
    risk 0.35cvss 6.5epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one…

  • CVE-2022-23588MedFeb 4, 2022
    risk 0.35cvss 6.5epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that Grappler optimizer would attempt to build a tensor using a reference `dtype`. This would result in a crash due to a `CHECK`-fail in the…

  • CVE-2022-23586MedFeb 4, 2022
    risk 0.35cvss 6.5epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will…

  • CVE-2022-23583MedFeb 4, 2022
    risk 0.35cvss 6.5epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such…

  • CVE-2022-23582MedFeb 4, 2022
    risk 0.35cvss 6.5epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that `TensorByteSize` would trigger `CHECK` failures. `TensorShape` constructor throws a `CHECK`-fail if shape is partial or has a number of…

  • CVE-2022-23581MedFeb 4, 2022
    risk 0.35cvss 6.5epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `IsSimplifiableReshape` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We…

  • CVE-2022-23580MedFeb 4, 2022
    risk 0.35cvss 6.5epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1,…

  • CVE-2022-23579MedFeb 4, 2022
    risk 0.35cvss 6.5epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `SafeToRemoveIdentity` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We…

  • CVE-2022-23577MedFeb 4, 2022
    risk 0.35cvss 6.5epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3,…

  • CVE-2022-23576MedFeb 4, 2022
    risk 0.35cvss 6.5epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a…

  • CVE-2022-23575MedFeb 4, 2022
    risk 0.35cvss 6.5epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will…

  • CVE-2022-23572MedFeb 4, 2022
    risk 0.35cvss 6.5epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the `DCHECK` function however, `DCHECK` is a no-op in production builds and an assertion failure in debug…

  • CVE-2022-23571MedFeb 4, 2022
    risk 0.35cvss 6.5epss 0.00

    Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments, if the tensors have an invalid `dtype` and 0 elements or an…

  • CVE-2022-23570MedFeb 4, 2022
    risk 0.35cvss 6.5epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a…

  • CVE-2022-23565MedFeb 4, 2022
    risk 0.35cvss 6.5epss 0.00

    Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a `SavedModel` on disk such that `AttrDef`s of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also…

  • CVE-2022-23564MedFeb 4, 2022
    risk 0.35cvss 6.5epss 0.00

    Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services…

  • CVE-2022-23557MedFeb 4, 2022
    risk 0.35cvss 6.5epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in `BiasAndClamp` implementation. There is no check that the `bias_size` is non zero. The fix will be included in TensorFlow 2.8.0. We will also…

  • CVE-2022-21741MedFeb 3, 2022
    risk 0.35cvss 6.5epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. ### Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a…

Page 7 of 22