AI Sec Watch

TensorFlow (an open-source machine learning framework) has a vulnerability where a malicious user can trigger a use after free bug (accessing memory that has already been freed) when decoding PNG images. The problem occurs because after a memory cleanup function is called, the width and height values are left in an unpredictable state.

A vulnerability in TensorFlow (an open-source machine learning framework) allows a malicious user to cause a denial of service (making a service unavailable) by modifying a SavedModel (a format for storing trained models) so that binary operations receive corrupted data due to type confusion (using data as if it were a different type than it actually is). This type mismatch between expected and actual data types can cause the program to crash.

A vulnerability in TensorFlow (an open-source machine learning framework) allows attackers to cause a denial of service (making a service unavailable) by modifying a SavedModel (a serialized TensorFlow model) so that the TensorByteSize function crashes. The problem occurs because the TensorShape constructor crashes when it encounters partial shapes (incomplete dimension information) or very large numbers, instead of gracefully handling them like PartialTensorShape does.

A vulnerability in TensorFlow (an open source machine learning framework) exists in the Grappler optimizer, which can be exploited to cause a denial of service (making a system unavailable by overloading it) by modifying a SavedModel file so that a function called IsSimplifiableReshape triggers CHECK failures (unexpected error conditions that crash the program).

TensorFlow, an open-source machine learning framework, has a vulnerability in its shape inference process where it can allocate a large vector based on user-controlled input, potentially causing uncontrolled resource consumption (using excessive memory or CPU). This happens because the system doesn't properly validate the size of data requested by users.

TensorFlow (an open source machine learning framework) has a vulnerability in its Grappler optimizer (a tool that improves how machine learning models run) that allows attackers to cause a denial of service (making the system stop working) by modifying a SavedModel (a saved machine learning model) in a way that triggers crashes. This vulnerability affects multiple versions of TensorFlow.

TensorFlow (an open-source machine learning framework) has a memory leak bug in a function called `ImmutableExecutorState::Initialize`. When a graph node (a processing unit in a machine learning model) is invalid, the software sets a pointer (a reference to a location in memory) to null without freeing the memory it previously pointed to, causing that memory to be wasted and unavailable for other tasks.

TensorFlow, an open source machine learning framework, has a vulnerability in the `GetInitOp` function that can crash the software through a null pointer dereference (accessing memory that doesn't exist). The vulnerability affects multiple versions of TensorFlow.

TensorFlow (an open-source machine learning framework) has a vulnerability in its `OpLevelCostEstimator::CalculateOutputSize` function where an integer overflow (when a calculation produces a number too large for the system to handle) can occur if an attacker creates an operation with tensors (multi-dimensional arrays of numbers) containing enough elements. The vulnerability can be triggered either by using many dimensions or by making individual dimensions large enough to cause the overflow.