AI Sec Watch

TensorFlow (an open source machine learning platform) has a vulnerability where invalid input to a specific function causes a segfault (a crash where the program tries to access memory it shouldn't). The bug occurs when `tf.raw_ops.CompositeTensorVariantToComponents` receives an `encoded` parameter that is not a valid `CompositeTensorVariant` tensor (a data structure for machine learning computations).

TensorFlow, an open-source machine learning platform, has a vulnerability where passing a `token` input that is not UTF-8 encoded (a character encoding standard) causes the `tf.raw_ops.PyFunc` function to crash with a CHECK fail (a safety check that stops execution when something is wrong). This is a type of improper input validation weakness, meaning the function doesn't properly check whether its input is in the correct format before processing it.

TensorFlow, an open source machine learning platform, has a vulnerability in the `tf.raw_ops.ResizeNearestNeighborGrad` function where a large `size` input causes an integer overflow (a calculation error where a number becomes too big for its storage space). This bug allows an attacker to potentially crash the system or execute malicious code.

TensorFlow, an open source machine learning platform, has a bug where invalid input to the `SparseMatrixNNZ` function (a function that counts non-zero values in a sparse matrix, which is a matrix stored efficiently by only keeping non-zero elements) causes the program to crash with a CHECK fail (an assertion error, where the program stops because a required condition wasn't met). This vulnerability affects multiple versions of TensorFlow.

TensorFlow (an open source machine learning platform) has a security vulnerability in its FractionalMaxPool and FractionalAvgPool functions when given invalid pooling_ratio values. Attackers can exploit this to access heap memory (the computer's temporary storage area outside normal program control), potentially causing the system to crash or allowing remote code execution (running harmful commands on someone else's computer).

TensorFlow (an open source machine learning platform) has a bug where certain inputs with incorrect dimensions crash the SdcaOptimizer component due to a failed validation check. This happens when `dense_features` or `example_state_data` inputs don't have the expected 2D structure (rank 2, meaning a table with rows and columns).

TensorFlow, an open source machine learning platform, crashes when a function called `SparseFillEmptyRowsGrad` receives empty inputs instead of data. This happens because the code doesn't properly validate (check) what data it receives before trying to process it.

TensorFlow (an open-source machine learning platform) crashes when a function called `FractionMaxPoolGrad` receives oversized inputs for `row_pooling_sequence` and `col_pooling_sequence` parameters. This is caused by an out-of-bounds read (accessing memory locations outside the intended range), which allows the program to fail unexpectedly.

TensorFlow (an open-source platform for machine learning) has a vulnerability where a function called `ThreadUnsafeUnigramCandidateSampler` crashes if it receives an input value for `filterbank_channel_count` that exceeds the maximum allowed size. This is caused by improper input validation (failure to check that user-provided values are within acceptable limits).