AI Sec Watch

An attacker can create a malicious TFLite model (a compressed machine learning format for mobile devices) that writes data outside the boundaries of an array in TensorFlow, potentially overwriting the memory allocator's linked list (a data structure that tracks available memory) to achieve arbitrary write access to system memory. This vulnerability affects multiple versions of TensorFlow, an open-source framework for building AI systems.

TensorFlow, an open-source machine learning framework, has a vulnerability in TFLite (TensorFlow Lite, a lightweight version for mobile devices) where an attacker can create a specially crafted model that allows limited reads and writes outside of arrays by exploiting missing validation during conversion from sparse tensors (data structures with mostly empty values) to dense tensors (fully populated data structures). This vulnerability affects multiple versions of TensorFlow.

TensorFlow (an open-source machine learning framework) has a vulnerability where an attacker can create a malicious TFLite model (a lightweight version of TensorFlow for mobile devices) that causes an integer overflow (when a number calculation exceeds the maximum value a computer can store) in embedding lookup operations. This overflow can sometimes lead to heap OOB read/write (accessing memory outside the intended boundaries), potentially allowing attackers to read or corrupt data.

An attacker can create a malicious TFLite model (a lightweight version of TensorFlow used on mobile devices) that causes an integer overflow (where a number gets too large to fit in its storage space, wrapping around to a negative or small value) in TensorFlow's `TfLiteIntArrayCreate` function. The vulnerability happens because the code returns an `int` instead of a larger `size_t` datatype, allowing attackers to manipulate model inputs so the calculated size exceeds what an `int` can hold.

TensorFlow, an open-source machine learning framework, has a vulnerability in its TFLite (TensorFlow Lite, a version optimized for mobile devices) model processor where an attacker can create a specially crafted model that causes a division by zero error (attempting to divide a number by zero, which crashes programs) in the `BiasAndClamp` function because the code doesn't check if `bias_size` is zero before using it.

A vulnerability in TensorFlow (an open-source machine learning framework) allows an attacker to create a malicious TFLite model (TensorFlow Lite, a lightweight version of TensorFlow) that causes a division by zero error in depthwise convolutions (a type of neural network operation). The bug occurs because the code divides by a user-controlled parameter without first checking that it is positive.

TensorFlow, an open-source machine learning framework, has a vulnerability in its `SparseCountSparseOutput` function that allows a heap overflow (a type of memory corruption where a program writes data beyond allocated memory boundaries). The vulnerability affects multiple versions of TensorFlow.

TensorFlow (an open source machine learning framework) has a bug in its `QuantizedMaxPool` function where user-controlled inputs can trigger a null pointer dereference (a crash caused by the program trying to access memory that doesn't exist). The vulnerability allows attackers to potentially cause the program to crash or behave unpredictably.

TensorFlow, an open source machine learning framework, has a vulnerability in its `SparseCountSparseOutput` function where an integer overflow (a number becoming too large for its storage space) can crash the TensorFlow process during memory allocation. This vulnerability affects multiple versions of TensorFlow.