tensorflow@2.6.2 vulnerabilities

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to the array_ops.upper_bound function. An attacker can cause a denial of service by providing input that is not a rank 2 tensor.

Upgrade tensorflow to version 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a malicious invalid input with zero dimension, which crashes a TensorFlow model (Check Failed).

Note: An attacker must have privilege to provide input to a Convolution3DTranspose call.

Upgrade tensorflow to version 2.11.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow. Attackers can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference when SparseSparseMaximum is given invalid sparse tensors as inputs.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when running with XLA, tf.raw_ops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference due to a null pointer error in RandomShuffle with XLA enabled.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a floating point exception in TensorListSplit with XLA.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. The function tf.raw_ops.LookupTableImportV2 cannot handle scalars in the values parameter and gives a null pointer exception.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Incorrect Comparison. Constructing a tflite model with a paramater filter_input_channel of less than 1 gives a float pointer exception.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). When running with XLA, tf.raw_ops.Bincount segfaults when given a parameter weights that is neither the same shape as parameter arr nor a length-0 tensor.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow in TAvgPoolGrad.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow when 2^31 <= num_frames * height * width * channels < 2^32, for example Full HD screencast of at least 346 frames.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds due to mismatched integer type sizes in ValueMap::Manager::GetValueOrCreatePlaceholder, because there is a bug with the tfg-translate call to InitMlir.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a floating point exception if the stride and window size are not positive for tf.raw_ops.AvgPoolGrad.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference. When ctx->step_containter() is a null ptr, the Lookup function will be executed with a null pointer.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). When the parameter summarize of tf.raw_ops.Print is zero, the new method SummarizeArray<bool> will reference to a nullptr, leading to a seg fault.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Double Free. The nn_ops.fractional_avg_pool_v2 and nn_ops.fractional_max_pool_v2 functions require the first and fourth elements of their parameter pooling_ratio to be equal to 1.0, as pooling on batch and channel dimensions is not supported.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference in QuantizedMatMulWithBiasAndDequantize with MKL enabled.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a floating point exception in AudioSpectrogram.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read if the parameter indices for DynamicStitch does not match the shape of the parameter data.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read in GRUBlockCellGrad.

Upgrade tensorflow to version 2.11.1, 2.12.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to another discovered instance of CVE-2022-35991, in TensorListScatter and TensorListScatterV2 via non scalar inputs.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in QuantizeAndDequantizeV2, via the MakeGrapplerFunctionItem function, if the inputs are greater than or equal to the sizes of outputs.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to another discovered instance of CVE-2022-35935 in SobolSample via assumed scalar inputs.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Write via the MakeGrapplerFunctionItem function, if the inputs given are greater than or equal to the sizes of the outputs.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds in DynamicStitch due to missing validation when it receives a differing number of inputs, such as when it is called with an indices size 1 and a data size 2.

Upgrade tensorflow to version 2.10.1, 2.11.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation when a numpy array is created with a shape such that one element is zero and the sum of others is a large number.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow via tf.raw_ops.ImageProjectiveTransformV2 when a large output shape is given.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size via tf.keras.losses.poisson which receives a y_pred and y_true that are passed through functor::mul in BinaryOp. If the resulting dimensions overflow an int32, TensorFlow will crash due to a size mismatch during broadcast assignment.

Upgrade tensorflow to version 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read when the BaseCandidateSamplerOp function receives a value in true_classes larger than range_max.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow via tf.raw_ops.FusedResizeAndPadConv2D when a large tensor shape is given.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size when tf.raw_ops.ResizeNearestNeighborGrad is given a large size input.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation due to a missing check of tf.image.generate_bounding_box_proposals that receives a scores input that must be of rank 4 when running on GPU.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) because the conversions from char to bool are undefined if the char is not 0 or 1. This can happen when printing a tensor: the data is got as a const char* array and then it is typecasted to the element type.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when ThreadUnsafeUnigramCandidateSampler is given input filterbank_channel_count greater than the allowed max size.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Reachable Assertion when tf.raw_ops.TensorListResize is given a nonscalar value for input size. It will results in a CHECK fail which can be used to trigger a denial of service attack.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read. This is If MirrorPadGrad is given outsize input paddings.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when FractionMaxPoolGrad is given outsize inputs row_pooling_sequence and col_pooling_sequence.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when tf.raw_ops.TensorListConcat is given element_shape=[].

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when BCast::ToShape is given input larger than an int32, even if it is being supposed to handle up to an int64.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference because the pywrap code fails to parse the tensor and returns a nullptr if a list of quantized tensors is assigned to an attribute.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow. The reference kernel of the CONV_3D_TRANSPOSE TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of data_ptr += num_channels; it should be data_ptr += output_num_channels; as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer.

Note: This attack only works if the reference kernel resolver is used in the interpreter.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when an input encoded is not a valid CompositeTensorVariant tensor. This will trigger a segfault in tf.raw_ops.CompositeTensorVariantToComponents.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). This is vulnerable when an input token that is not a UTF-8 bytestring will trigger a CHECK fail in tf.raw_ops.PyFunc.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Write in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers can access heap memory that is not in the user's control, leading to a crash or remote code execution.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when SparseFillEmptyRowsGrad is given empty inputs.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when the input sparse_matrix is not a matrix with a shape with rank 0. As a result, a CHECK fail will be triggered in tf.raw_ops.SparseMatrixNNZ.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). This is due to the inputs dense_features or example_state_data not being of rank 2 which will trigger a CHECK fail in SdcaOptimizer.

Upgrade tensorflow to version 2.8.4, 2.9.3, 2.10.1, 2.11.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read via the GatherNd function, when the given inputs to the function are greater than or equal to the sizes of the outputs.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference when mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when FakeQuantWithMinMaxVarsPerChannel is given min or max tensors of a rank other than one, it results in a CHECK fail that can be used to trigger the exploitation.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when mlir::tfg::GraphDefImporter::ConvertNodeDef tries to convert NodeDefs without an op name.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when RandomPoissonV2 receives large input shapes and rates, it gives a CHECK fail that can trigger the exploitation.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when tf.sparse.cross receives an input separator that is not a scalar, it gives a CHECK fail that can be used to trigger exploitation of this vulnerability.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when Conv2DBackpropInput receives empty out_backprop inputs (e.g. [3, 1, 0, 1]).

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when AudioSummaryV2 receives an input sample_rate with more than one element, it gives a CHECK fails that can be used to trigger the exploitation of the vulnerability.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when tensorflow::full_type::SubstituteFromAttrs receives a FullTypeDef& t that is not exactly three args.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when tf.quantization.fake_quant_with_min_max_vars_gradient receives input min or max that is nonscalar, it gives a CHECK fail that can trigger the exploitation of this vulnerability.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when QuantizeAndDequantizeV3 is given a nonscalar num_bits input tensor, it results in a CHECK fail that can be used to trigger the exploitation of this vulnerability.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) in tf.reshape due to a CHECK-failure caused by overflowing the number of elements in a tensor.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when tf.random.gamma receives large input shapes and rates.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Write via the scatter_nd function in TF Lite, when an input index is greater than the output tensor or less than zero.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via CHECK-failure caused by assuming input(0), input(1), and input(2) to be scalar.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read. The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, it triggers the exploitation of the vulnerability.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when the AvgPoolOp function takes an argument ksize that must be positive but is not checked. A negative ksize can trigger a CHECK failure and crash the program.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when RaggedTensorToVariant is given a rt_nested_splits list that contains tensors of ranks other than one, it results in a CHECK fail that can be used to trigger the exploitation of this vulnerability.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when DenseBincount assumes its input tensor weights to either have the same shape as its input tensor input or to be length-0. A different weights shape will trigger a CHECK fail that can be used to trigger the exploitation of this vulnerability.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when SparseBincount is given inputs for indices, values, and dense_shape that do not make a valid sparse tensor, it results in a segfault that can be used to trigger exploitation.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when LRNGrad is given an output_image input tensor that is not 4-D.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when the FractionalMaxPoolGrad function validates its inputs with CHECK failures instead of returning errors. If it gets incorrectly sized inputs, the CHECK failure can be used to trigger exploitation.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when Save or SaveSlices is run over tensors of an unsupported dtype, it results in a CHECK fail that can be used to trigger exploitation.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when tf.linalg.matrix_rank receives an empty input a, the GPU kernel gives a CHECK fail that can be used to trigger exploitation.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient receives input min or max of rank other than 1, it gives a CHECK fail that can trigger exploitation.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when QuantizedRelu or QuantizedRelu6 are given nonscalar inputs for min_features or max_features, it results in a segfault that can be used to trigger exploitation.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when the implementation of Conv2DBackpropInput requires input_sizes to be 4-dimensional. Otherwise, it gives a CHECK failure which can be used to trigger exploitation.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when MaxPool receives a window size input array ksize with dimensions greater than its input tensor input, the GPU kernel gives a CHECK fail that can be used to trigger exploitation.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation due to improper validation of orig_input_shape in AvgPoolGrad.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference when LowerBound or UpperBound is given an empty sorted_inputs input.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when ParameterizedTruncatedNormal assumes shape is of type int32. A valid shape of type int64 results in a mismatched type CHECK fail that can be used to trigger exploitation.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when QuantizeDownAndShrinkRange is given nonscalar inputs for input_min or input_max, it results in a segfault that can be used to trigger an exploitation.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when RaggedBincount is given an empty input tensor splits, it results in a segfault that can be used to trigger the exploitation of this vulnerability.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when TensorListScatter and TensorListScatterV2 receive an element_shape of a rank greater than one, they give a CHECK fail that can trigger the exploitation of the vulnerability.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when TensorListFromTensor receives an element_shape of a rank greater than one.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when the FakeQuantWithMinMaxVars function is given min or max tensors of a nonzero rank.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound. The RaggedRangOp function takes an argument limits that is eventually used to construct a TensorShape as an int64. If limits is a very large float, it can overflow when converted to an int64. This triggers an InvalidArgument but also throws an abort signal that crashes the program.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when QuantizedInstanceNorm is given x_min or x_max tensors of a nonzero rank.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when CollectiveGather receives a scalar input input, which results in a CHECK failure.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when Unbatch receives a nonscalar input id, it results in a CHECK fail.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when QuantizedAdd is given min_input or max_input tensors of a nonzero rank.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper input validation of orig_input_tensor_shape in FractionalAvgPoolGrad.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper input validation of orig_input_shape in AvgPool3DGradOp.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when QuantizedMatMul is given nonscalar input for min_a, max_a, min_b, and max_b.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when QuantizedAvgPool is given min_input or max_input tensors of a nonzero rank.

import tensorflow as tf

ksize = [1, 2, 2, 1]
strides = [1, 2, 2, 1]
padding = "SAME"
input = tf.constant(1, shape=[1,4,4,2], dtype=tf.quint8)
min_input = tf.constant([], shape=[0], dtype=tf.float32)
max_input = tf.constant(0, shape=[1], dtype=tf.float32)
tf.raw_ops.QuantizedAvgPool(input=input, min_input=min_input, max_input=max_input, ksize=ksize, strides=strides, padding=padding)

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when a nonscalar id is provided to the UnbatchGradOp function, and batch_index is incorrect.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper input validation in BlockLSTMGradV2.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when QuantizedBiasAdd is given min_input, max_input, min_bias, max_bias tensors of a nonzero rank, it results in a segfault.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a CHECK failure in TensorListReserve via missing validation. Exploiting this vulnerability is possible when a num_elements of more than 1 element is provided, then tf.raw_ops.TensorListReserve fails the CHECK_EQ in CheckIsAlignedAndSingleElement.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a CHECK fail in SetSize, when SetSize receives an input set_shape that is not a 1D tensor.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a CHECK fail in EmptyTensorList when it receives an input element_shape with more than one dimension.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference when Eig can be fed an incorrect Tout input, resulting in a CHECK fail that can trigger a denial of service attack.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation when converting transposed convolutions using per-channel weight quantization, the converter segfaults and crashes the Python process.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference through mlir::tfg::TFOp::nameAttr, when it receives null type list attributes.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation when Requantize is given input_min, input_max, requested_output_min, requested_output_max tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Division by zero when Conv2D is given empty input and the filter and padding sizes are valid, the output is all-zeros.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) when providing an empty function attributes to mlir::tfg::ConvertGenericFunctionToFunctionDef.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound when RangeSize function receives values that do not fit into an int64_t.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a CHECK failure when DrawBoundingBoxes receives an input boxes that are not of dtype float.

Upgrade tensorflow to version 2.7.2, 2.8.1, 2.9.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). The implementation of depthwise ops in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor:

import tensorflow as tf

input = tf.constant(1, shape=[1, 4, 4, 3], dtype=tf.float32)
filter_sizes = tf.constant(1879048192, shape=[13], dtype=tf.int32)
out_backprop = tf.constant(1, shape=[1, 4, 4, 3], dtype=tf.float32)
tf.raw_ops.DepthwiseConv2dNativeBackpropFilter(
    input=input, filter_sizes=filter_sizes, out_backprop=out_backprop, strides=[1, 1, 1, 1], padding="SAME")

This is due to an incomplete fix for CVE-2021-41197.

Upgrade tensorflow to version 2.8.1, 2.7.2, 2.6.4 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the implementation of tf.histogram_fixed_width, when the values array contains Not a Number (NaN) elements. The implementation assumes that all floating-point operations are defined and then converts a floating-point result to an integer index. If values contains NaN then the result of the division is still NaN and the cast to int32 would result in a crash.

Note: This only occurs on the CPU implementation.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation because the implementation of tf.raw_ops.QuantizedConv2D does not fully validate the input arguments. In this case, references get bound to nullptr for each argument that is empty.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference when the resource handle is empty.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). Certain TFLite models that were created using the TFLite model converter would crash when loaded in the TFLite interpreter. During quantization, the scale of values could be greater than 1 but the code always assumes sub-unit scaling. Thus, since the code was calling QuantizeMultiplierSmallerThanOneExp, the TFLITE_CHECK_LT assertion would trigger and abort the process.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) because the implementation of tf.raw_ops.StagePeek does not fully validate the input arguments, assuming that the index argument is a scalar when accessing its value.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). The implementation of tf.raw_ops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. The code assumes num_segments is a positive scalar but there is no validation. Since this value is used to allocate the output tensor, a negative value would result in a CHECK-failure (assertion failure), as per TFSA-2021-198.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to the implementation of `tf.ragged.constant not fully validating the input arguments.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Type Confusion because the macros used for writing assertions (e.g., CHECK_LT, CHECK_GT, etc.) have incorrect logic when comparing size_t and int values. Due to type conversion rules, several of the macros would be triggered incorrectly.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference when calling tf.compat.v1.* ops which don't have support for quantized types.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to the improper implementation of tf.raw_ops.SpaceToBatchND which can result in a CHECK-failure.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation because the implementation of tf.raw_ops.SparseTensorDenseAdd does not fully validate the input arguments. In this case, a reference gets bound to a nullptr during kernel execution which is an undefined behavior.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Write because the implementation of tf.raw_ops.EditDistance have an incomplete validation which allows users to pass negative values for loc.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper input validation under certain condition in tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d, results in CHECK failures.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) where the implementation of tf.raw_ops.DeleteSessionTensor does not fully validate the input arguments.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to improper fix of CVE-2021-41228. Exploiting this vulnerability is possible via the saved_model_cli tool and can be abused to open a reverse shell.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to the implementation of tf.raw_ops.Conv3DBackpropFilterV2 which does not fully validate that filter_sizes argument is a vector.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to the implementation of tf.raw_ops.SparseTensorToCSRSparseMatrix which does not fully validate the input arguments. It assumes that dense_shape is a vector and indices is a matrix (as part of requirements for sparse tensors) without validating it.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to the implementation of tf.raw_ops.UnsortedSegmentJoin which does not fully validate the input arguments, assuming num_segments is a scalar without validating this before accessing its value.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to the implementation of tf.raw_ops.LoadAndRemapMatrix which does not fully validate the input arguments, assuming initializing_values is a vector without validating it before accessing its value.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) where the implementation of tf.raw_ops.LSTMBlockCell does not fully validate the input arguments. The code does not validate the ranks of any of the arguments to this API call. This results in CHECK-failures when the elements of the tensor are accessed.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) where the implementation of tf.raw_ops.TensorSummaryV2 does not fully validate the input arguments.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) where the implementation of tf.raw_ops.DeleteSessionTensor does not fully validate the input arguments.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) where the implementation of tf.raw_ops.GetSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) where the implementation of tf.raw_ops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments, which could result in a CHECK failure.

Upgrade tensorflow to version 2.6.4, 2.7.2, 2.8.1, 2.9.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the Grappler component during cost estimation for crop and resize due to these parameters being user-controlled.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via an invalidated CHECK assertion based on user controlled arguments. This happens during the decoding of a tensor from a protobuf, when the TensorFlow process encounters such a failed assertion case if the tensors have an invalid dtype and 0 elements or an invalid shape.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference via the implementation of GetInitOp. A malicious actor can change the SaveModel protobuf format on disk before loading, to cause the find function used inside GetInitOp to return a nullptr.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via a maliciously altered SavedModel such that AttrDef's of some operations are duplicate, causing an assertion failure (CHECK-fail).

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bound via a typo in TensorFlow's SpecializeType. A nested loop inside a function initializes a pointer to an argument (arg) by using the outer loop's index (i), instead of the inner loop index (j), allowing to assign to arg from outside the vector of arguments, resulting in the ability to read/write out of bounds.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Write via the set_output() function in the Grappler component, which writes to an array at a specified index, giving the user the ability to write to a specific location in memory.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via an assertion failure. If some conditions are met, it's possible for a type to fail to specialize during shape inference. The DCHECK function is supposed to take care of this, but is a no-op in production builds and an assertion failure in debug builds, which leads to assertion failures in both cases.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference during the process of decoding a tensor from protobuf. If attributes of some mutable arguments to some operations are missing from the proto a null pointer dereference occurs. This should be taken care of by a DCHECK, however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via a CHECK assertion invalidation based on user controlled arguments during the decoding of a resource handle tensor from protobuf.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via a crafted TFLite model that would trigger a division by zero in BiasAndClamp function implementation, as the function doesn't check if one of its arguments, bias_size, is a non-zero.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound via a maliciously crafted TFLite model that would cause an integer overflow in the TfLiteIntArrayCreate function. The TfLiteIntArrayGetSizeInBytes function, which is called from TfLiteIntArrayCreate, returns an int instead of a size_t. The user controlled variable computed_size (a variable inside the TfLiteIntArrayGetSizeInBytes function) can overflow the size of the int datatype.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Use of Uninitialized Resource via the implementation of the AssignOp function can result in copying uninitialized data to a new tensor, leading to undefined behaviour.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the ImmutableExecutorState::Initialize function implementation, which can result in a memory leak if a graph node is invalid.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Race Condition via the tempfile.mktemp function which is used to create temporary files. This is risky, as a different process can create the file after the check for the filename in mktemp, and the actual creation of the file by the next operation (Time of Check/Time of Use).

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Write via a crafted TFLite model that would cause a write outside of bounds of an array in TFLite. It is possible to override the linked list used by the memory allocator.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow. An attacker can craft a TFLite model that would cause this issue, due to the fact that both embedding_size and lookup_size are products of values provided by the user. Therefore, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds in TFLite, due to missing validation in the conversion from sparse tensors to dense tensors.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1, 2.8.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow in the Range implementation, which can cause OOM and undefined behaviour.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1, 2.8.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Use After Free in DecodePng kernel. This can happen because the values of decode.width and decode.height are in an unspecified state after png::CommonFreeDecode(&decode) gets called.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via invalid PNG images that are put through the decoding process. After calling png::CommonInitDecode(..., &decode), the decode value contains allocated buffers which can only be freed by calling png::CommonFreeDecode(&decode). However, the function implementation invokes the OP_REQUIRES macro which immediately terminates the execution of the function, not allowing the memory to be freed.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow by letting the runtime assume that the GraphDef format does not allow recursive functions. However, a GraphDef containing a crafted fragment with a recursive function can be consumed when loading a SavedModel, which would lead to a stack overflow during execution.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) by allocating a large vector, based on a value from a tensor controlled by the user during shape inference.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). This can be caused by altering a SavedModel such that assertions in function.cc would be falsified and crash the Python interpreter.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) by altering a SavedModel, using the Grappler optimizer, such that SafeToRemoveIdentity would trigger CHECK failures.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via an altering of a SavedModel such that TensorByteSize would trigger CHECK failures.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference via the Grappler component. This can occur twice for the same malicious alteration of a SavedModel file (fixing the first one would trigger the same dereference in the second place).

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the altering of a SavedModel such that any binary op would trigger CHECK failures.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a CHECK-fail in the Tensor constructor as reference types are not allowed. A malicious user can cause this by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the implementation of OpLevelCostEstimator::CalculateTensorSize if an attacker can create an operation that would involve a tensor with a large enough number of elements.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference when BuildXlaCompilationCache is built and if default settings are used.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1, 2.8.0 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) by altering a SavedModel such that IsSimplifiableReshape would trigger CHECK failures.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer overflow in OpLevelCostEstimator::CalculateOutputSize, where an attacker can create an operation which would involve tensors with large enough number of elements.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to integer overflow in StringNGrams.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) in ThreadPoolHandle.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Buffer Overflow in shape inference for Dequantize.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds which does not fully validate the value of axis in the implementation of Dequantize.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-Bounds in FractionalAvgPoolGrad which does not consider cases where the input tensors are invalid.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow in AddManySparseToTensorsMap which results in a CHECK-fail when building new TensorShape objects.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow in sparse component-wise ops implementation. This can be used to trigger large allocations or CHECK-fails when building new TensorShape object.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Improper Input Validation in SparseTensorSliceDataset which can dereference a nullptr value.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the implementation of AddManySparseToTensorsMap that is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects (so, an assert failure based denial of service). There are some missing validation on the shapes of the input tensors as well as directly constructing a large TensorShape with user-provided dimensions.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Type Confusion in shape inference for ConcatV2.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the implementation of UnravelIndex() function, which results in a division by zero.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Division by zero when executing convolution operators.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Out-of-bounds Read which does not fully validate the value of batch_dim in the implementation of shape inference for ReverseSequence.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the implementation of the FractionalMaxPool() function, which can be made to crash a TensorFlow process via a division by 0.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the implementation of the MapStage function, in which a CHECK-fail if the key tensor is not a scalar.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the implementation of SparseCountSparseOutput() function which can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation.

###PoC

import tensorflow as tf
import numpy as np
    
tf.raw_ops.SparseCountSparseOutput(
  indices=[[1,1]],
  values=[2],
  dense_shape=[2 ** 31, 2 ** 32],
  weights=[1],
  binary_output=True,
  minlength=-1,
  maxlength=-1,
  name=None)

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via CHECK-fails (i.e., assertion failures) when building invalid/overflowing tensor shapes, similar to CVE-2021-41197.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to NULL Pointer Dereference via the implementation of the QuantizedMaxPool() function, which has an undefined behavior where user-controlled inputs can trigger a reference binding to a null pointer.

###PoC

import tensorflow as tf

tf.raw_ops.QuantizedMaxPool(
    input = tf.constant([[[[4]]]], dtype=tf.quint8),
    min_input = [],
    max_input = [1],
    ksize = [1, 1, 1, 1],
    strides = [1, 1, 1, 1],
    padding = "SAME", name=None
)

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the implementation of *Bincount() functions. A malicious actor can take advantage of several conditions that inputs must satisfy but are not being checked - by passing in arguments that would trigger a CHECK-fail.

###PoC

import tensorflow as tf

tf.raw_ops.DenseBincount(
  input=[[0], [1], [2]],
  size=[1],
  weights=[3,2,1],
  binary_output=False)

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the implementation of SparseCountSparseOutput.

###PoC

import tensorflow as tf
import numpy as np

tf.raw_ops.SparseCountSparseOutput(
  indices=[[-1,-1]],
  values=[2],
  dense_shape=[1, 1],
  weights=[1],
  binary_output=True,
  minlength=-1,
  maxlength=-1,
  name=None)

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Division by zero via a specially crafted TFLite model that would trigger the division in the implementation of depthwise convolutions. The parameters of the convolution can be user-controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive.

Upgrade tensorflow to version 2.5.3, 2.6.3, 2.7.1 or higher.

tensorflow is a machine learning framework.

Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via a crafted archive when tf.keras.utils.get_file is used with extract=True.

NOTE: This CVE is disputed as the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives. However, we feel this advisory is relevant as at the time of publication, there is no known security notice or documentation warning users of this behavior.

UPDATE: With the addition of a clear warning to the API documentation on Feb 23, 2023, this issue is considered fixed.

Upgrade tensorflow to version 2.12.0rc1 or higher.