AI Sec Watch

TensorFlow, an open-source machine learning platform, has a vulnerability in its shape inference code for the `QuantizeV2` function that allows reading memory outside of the intended boundaries (heap OOB read, or out-of-bounds read) when the `axis` parameter is given a negative value less than -1. This happens because the code doesn't properly validate that negative axis values stay within acceptable bounds before accessing memory.

TensorFlow, an open source platform for machine learning, has a vulnerability in its shape inference functions for `QuantizeAndDequantizeV*` operations that can cause the program to read data outside the bounds of allocated memory (an out-of-bounds read, which is a memory safety error). This affects multiple versions of TensorFlow.

TensorFlow, an open source machine learning platform, has a bug in its Grappler optimizer (the part that optimizes computational graphs) where constant folding (simplifying calculations before running them) incorrectly tries to copy resource tensors (special data structures that shouldn't be modified), causing the program to crash. The issue affects multiple versions of TensorFlow.

TensorFlow, an open-source machine learning platform, has a vulnerability where attackers can cause crashes or undefined behavior (unpredictable program execution) by modifying saved checkpoints (saved states of a trained model) from outside the system, because the checkpoint loading code doesn't properly validate file formats. This affects multiple versions of TensorFlow that are still being supported.

TensorFlow, an open source machine learning platform, had a vulnerability in its shape inference functions for `SparseCountSparseOutput` that could cause an out-of-bounds read (accessing memory outside the intended area of a heap-allocated array, which can crash the program or leak data). This vulnerability affected multiple versions of TensorFlow.

TensorFlow, an open source machine learning platform, has a bug in the `EinsumHelper::ParseEquation()` function where it fails to properly initialize certain flags (variables that track whether ellipsis notation is used in inputs and outputs). The function only sets these flags to true but never to false, which can cause the program to read uninitialized memory (garbage values) if code calling this function assumes the flags are always set correctly.

TensorFlow (an open source platform for machine learning) has a bug where calling a specific function called `tf.summary.create_file_writer` with non-scalar arguments (values that aren't single numbers) causes the program to crash due to a failed assertion check. This vulnerability affects several versions of TensorFlow.

TensorFlow (an open source machine learning platform) has a bug in its `tf.image.resize` function where using very large input values causes the program to crash due to an integer overflow (when a number becomes too large for its storage type). The overflow is caught by a safety check that stops the entire process.

TensorFlow (an open source machine learning platform) crashes when the `tf.tile` function (which repeats tensor data) is called with very large inputs, because the number of output elements exceeds what an `int64_t` integer type can hold, causing an overflow that triggers a safety check and terminates the process.