📦 Tensorflow

This CVE describes a heap-based buffer overflow vulnerability in TensorFlow that allows attackers to access memory outside user-controlled bounds. This can lead to application crashes or potentially r...

This vulnerability allows arbitrary code execution when TensorFlow or Keras deserializes a malicious YAML model file. Attackers can exploit unsafe YAML loading to run arbitrary commands on affected sy...

This vulnerability in TensorFlow allows attackers to overwrite arbitrary files on the system when tf.keras.utils.get_file is used with extract=True on a malicious archive. It affects TensorFlow users ...

A Denial of Service vulnerability exists in TensorFlow v2.18.0 where using 'valid' padding in tf.keras.layers.Conv2D operations can cause resource exhaustion and service disruption. This affects any s...

CVE-2023-33976 is a vulnerability in TensorFlow's array_ops.upper_bound function that causes a segmentation fault when provided with a tensor that is not rank 2. This can lead to denial of service or ...

This vulnerability in TensorFlow allows a denial of service attack through a null pointer dereference in the ParallelConcat operation when using XLA compilation. It affects users running TensorFlow ve...

This CVE describes a floating-point exception (FPE) vulnerability in TensorFlow's TFLite component when constructing models with a filter_input_channel parameter less than 1. This can cause denial of ...

This vulnerability in TensorFlow allows an out-of-bounds read when the DynamicStitch operation receives mismatched indices and data shapes, potentially leading to memory corruption or information disc...

CVE-2023-25662 is an integer overflow vulnerability in TensorFlow's EditDistance function that could allow attackers to cause denial of service or potentially execute arbitrary code. This affects all ...

This CVE describes a heap buffer overflow vulnerability in TensorFlow's TAvgPoolGrad operation. Attackers could exploit this to cause denial of service, memory corruption, or potentially execute arbit...

This CVE describes a floating point exception vulnerability in TensorFlow's AudioSpectrogram function. Attackers can cause denial of service by triggering division by zero or invalid floating point op...

This CVE describes a null pointer dereference vulnerability in TensorFlow's QuantizedMatMulWithBiasAndDequantize operation when MKL (Math Kernel Library) is enabled. It affects TensorFlow installation...

This vulnerability in TensorFlow's LookupTableImportV2 function causes a Null Pointer Exception (NPE) when scalar values are passed, potentially leading to denial of service. It affects TensorFlow use...

This CVE describes a null pointer dereference vulnerability in TensorFlow's RandomShuffle operation when XLA (Accelerated Linear Algebra) is enabled. It affects TensorFlow versions prior to 2.12.0 and...

This CVE allows attackers to cause a segmentation fault and denial of service in TensorFlow by passing negative values to the tf.raw_ops.EditDistance function. The vulnerability affects users running ...

This CVE describes an integer overflow vulnerability in TensorFlow's Grappler component during cost estimation for crop and resize operations. Attackers can trigger undefined behavior by manipulating ...

This CVE describes a stack overflow vulnerability in TensorFlow's GraphDef format that occurs when loading a SavedModel containing self-recursive functions. The vulnerability affects TensorFlow users ...

This vulnerability in TensorFlow's TFG dialect allows attackers to cause crashes or potentially execute arbitrary code by manipulating SavedModel files on disk. When these malicious files are processe...

CVE-2022-23566 is a heap out-of-bounds write vulnerability in TensorFlow's Grappler component that allows attackers to write arbitrary data to memory. This can lead to remote code execution, denial of...

This vulnerability in TensorFlow's AssignOp implementation allows copying uninitialized data to new tensors, leading to undefined behavior. It affects users of TensorFlow who perform tensor assignment...

This vulnerability in TensorFlow allows a malicious user to trigger use-after-free behavior when decoding PNG images, potentially leading to memory corruption. It affects TensorFlow versions before th...

This CVE describes an integer overflow vulnerability in TensorFlow's Range operation that can lead to undefined behavior or excessive memory allocations. Attackers could exploit this to cause denial o...

This CVE describes an integer overflow vulnerability in TensorFlow's TFLite component where an attacker can craft a malicious TFLite model to trigger memory corruption. The vulnerability affects Tenso...

This vulnerability in TensorFlow allows attackers to craft malicious TFLite models that can read and write memory outside of allocated arrays during sparse-to-dense tensor conversion. This affects all...

CVE-2022-21740 is a heap overflow vulnerability in TensorFlow's SparseCountSparseOutput implementation that allows attackers to write beyond allocated memory boundaries. This can lead to arbitrary cod...

This vulnerability in TensorFlow's SparseTensorSliceDataset allows attackers to cause a null pointer dereference by providing invalid input arguments that bypass validation checks. This affects all sy...

This vulnerability in TensorFlow's ReverseSequence operation allows heap out-of-bounds reads when processing negative batch_dim values. Attackers could potentially read sensitive memory contents or ca...

This vulnerability in TensorFlow's Dequantize operation allows attackers to read past the end of memory arrays by providing invalid axis values, potentially exposing sensitive data or causing crashes....

This CVE describes a memory leak and use-after-free vulnerability in TensorFlow's CollectiveReduceV2 async implementation. Attackers could potentially cause denial of service or execute arbitrary code...

TensorFlow's saved_model_cli tool is vulnerable to code injection via unsafe eval() calls on user-supplied strings, allowing attackers to execute arbitrary code on systems where the CLI tool runs. Thi...

TensorFlow is vulnerable to shape validation flaws in multiple operations, allowing attackers to trigger undefined behavior including crashes or potential memory corruption. This affects all users run...

This vulnerability in TensorFlow's boosted trees implementation allows attackers to trigger denial of service, exploit undefined behavior, and potentially read/write heap buffers. It affects all users...

This vulnerability in TensorFlow's sparse matrix multiplication allows attackers to trigger undefined behavior and potential heap out-of-bounds access by providing zero or negative dimensions. This af...

This vulnerability in TensorFlow allows attackers to trigger a heap out-of-bounds memory access by providing mismatched sizes for indices and values arrays to the SparseFillEmptyRows function. This co...

This vulnerability in TensorFlow allows attackers to trigger an out-of-bounds read in the tf.ragged.cross function, potentially leading to memory disclosure or application crashes. It affects TensorFl...

This CVE describes an out-of-bounds read vulnerability in TensorFlow's QuantizeAndDequantizeV* operations that could allow attackers to read sensitive memory contents. It affects TensorFlow users runn...

This CVE describes an uninitialized variable access vulnerability in TensorFlow's EinsumHelper::ParseEquation() function. The bug occurs when the function fails to properly set boolean flags to false,...

This vulnerability in TensorFlow's QuantizeV2 operation allows attackers to trigger undefined behavior by accessing invalid memory locations. Attackers can cause crashes or potentially execute arbitra...

This vulnerability allows attackers to craft malicious TFLite models that trigger a null pointer dereference in TensorFlow, causing a crash and denial of service. It affects TensorFlow users who proce...

This vulnerability in TensorFlow allows attackers to trigger a null pointer dereference in the SaveV2 operation, potentially causing denial of service or memory corruption. It affects TensorFlow users...

This vulnerability in TensorFlow allows an attacker to cause undefined behavior by triggering a null pointer dereference in the RaggedTensorToVariant operation. Attackers could potentially crash the a...

This vulnerability in TensorFlow allows attackers to cause undefined behavior by triggering null pointer dereferences in Map* and OrderedMap* operations. Attackers can exploit this by passing empty in...

This vulnerability in TensorFlow allows attackers to cause undefined behavior by passing empty tensors to the SparseFillEmptyRows operation, potentially leading to crashes or memory corruption. It aff...

TensorFlow v2.18.0 has a bug where Embedding layers produce random outputs during compilation instead of expected results, causing ML models to generate incorrect predictions. This affects application...

This vulnerability in TensorFlow allows an attacker with input privileges to provide malicious data to the Convolution3DTranspose function, causing a crash and denial of service. It affects TensorFlow...