AI Sec Watch

A bug in TensorFlow's `tf.io.decode_raw` function causes incorrect results and crashes when using certain combinations of parameters. The problem stems from incorrect pointer arithmetic (moving through memory incorrectly), which causes the function to skip parts of input data and write outside the allocated memory bounds (OOB write, where data is written to memory locations it shouldn't access), potentially leading to crashes or more serious attacks.

TensorFlow (an open-source machine learning platform) has a vulnerability in its `tf.raw_ops.CTCLoss` function where incomplete validation (insufficient checking of input data) allows an attacker to trigger an OOB read from heap (accessing memory outside the intended boundaries). This is a memory safety issue that could crash the program or expose sensitive data.

TensorFlow has a vulnerability (CVE-2021-29612) where a specific operation called `tf.raw_ops.BandedTriangularSolve` can be tricked into accessing memory it shouldn't (a heap buffer overflow, where an attacker reads or writes beyond the intended memory boundaries). The bug happens because the code doesn't properly check if input data is empty, and it doesn't verify that earlier validation checks actually succeeded before continuing to process the data.

TensorFlow, an open-source machine learning platform, has a vulnerability in the `SparseReshape` function where it doesn't properly check that input arguments are valid before using them. This incomplete validation allows an attacker to cause a denial of service (a crash that makes the system unavailable) by triggering a CHECK-failure, which is a built-in safety check that stops execution when something goes wrong.

TensorFlow has a vulnerability in the `QuantizeAndDequantizeV2` function where incorrect validation of the `axis` parameter allows invalid values to pass through, potentially causing heap underflow (a memory safety error where data is accessed below allocated memory boundaries). This flaw could let attackers read or write to other data stored in the heap (the area of memory used for dynamic storage).

TensorFlow's `SparseAdd` function (a tool for adding sparse tensors, which are data structures with mostly empty values) has incomplete validation that allows attackers to cause undefined behavior like accessing null memory or writing data outside allocated memory bounds. The vulnerability exists because the code doesn't properly check if tensors are empty or if their dimensions match, letting attackers send invalid sparse tensors that exploit unprotected assumptions.

TensorFlow, an open source machine learning platform, has a vulnerability in a function called `tf.raw_ops.RaggedTensorToTensor` that fails to properly validate (check) all input arguments. An attacker can cause undefined behavior (unpredictable crashes or memory access errors) by providing empty inputs, because the code only checks that one input isn't empty while skipping checks on the others.

TensorFlow, an open-source machine learning platform, has a bug in its `SparseAdd` function where it doesn't fully check the validity of sparse tensors (data structures that efficiently store mostly empty matrices). This allows attackers to send malformed tensors that can cause the program to crash or write data to unintended memory locations.

TensorFlow, an open source machine learning platform, has a vulnerability in TFLite (TensorFlow Lite, a lightweight version for mobile devices) where a maliciously designed model can trigger an OOB read (out-of-bounds read, accessing memory outside the intended data area) on the heap when the `Split_V` operation receives an invalid axis value that falls outside the expected range.