AI Sec Watch

TensorFlow Lite (TFLite, a lightweight version of TensorFlow for mobile and embedded devices) has a vulnerability in its `GatherNd` and `Gather` operations that fail to check for negative indices. An attacker can exploit this by creating a specially designed model with negative values to read sensitive data from the heap (temporary memory storage), potentially exposing private information.

TensorFlow, an open source machine learning platform, has a vulnerability in TFLite (TensorFlow Lite, a lightweight version for mobile devices) where a negative `axis` parameter value can cause the software to read data outside the intended memory area. This could potentially expose sensitive information or crash the program.

TensorFlow (an open source platform for machine learning) has a vulnerability in its pooling operations where the code doesn't check if divisors are zero before dividing, which can cause crashes. The issue has been patched and will be included in upcoming versions of TensorFlow.

TensorFlow, a popular machine learning platform, has a vulnerability in its division operation in TFLite (a lightweight version for mobile devices) where it doesn't check if the divisor (the number you're dividing by) is zero, which can cause crashes. The issue has been fixed and will be available in several updated versions of the software.

TensorFlow, an open-source machine learning platform, has a vulnerability in TFLite (TensorFlow Lite, a lightweight version for mobile devices) where operations using quantization (a technique that reduces model size by using lower-precision numbers) can accidentally use uninitialized values because the code doesn't properly check whether quantization settings are valid before using them. This could cause unpredictable behavior in machine learning models running on mobile or embedded devices.

TensorFlow has a vulnerability where nesting `tf.map_fn` (a function that applies operations to tensor elements) calls with RaggedTensor inputs (tensors with variable row lengths) and no function signature can leak uninitialized memory from the heap and potentially cause data loss. The bug occurs because the code doesn't verify that inner tensor shapes match when converting from a Variant tensor to a RaggedTensor.

TensorFlow and Keras had a security flaw where loading machine learning models from YAML files (a text format for storing data) could let attackers run arbitrary code (any commands they want) on a system. The problem was caused by using an unsafe YAML parser that doesn't validate what code it runs.

TensorFlow, an open-source machine learning platform, has a vulnerability in its shape inference code for the `tf.raw_ops.Dequantize` function that could crash a system (denial of service via segfault, which is when a program crashes due to accessing invalid memory) if an attacker provides invalid arguments. The bug exists because the code doesn't properly validate the `axis` parameter before using it to access tensor dimensions (the size measurements of data structures in machine learning).

TensorFlow, an open-source machine learning platform, has a vulnerability where attackers can cause a denial of service (making a system unavailable by crashing it) through a segmentation fault (a memory error that crashes a program) in the MaxPoolGrad operation due to missing input validation on certain data structures called tensors. The vulnerability exists because an earlier fix for a related issue was incomplete.