AI Sec Watch

TensorFlow's TFLite (a lightweight version of the machine learning platform) has a bug in its convolution code (math operations that process image data) where user-controlled values can be used as divisors without checking if they're zero, which could cause crashes or unexpected behavior. This happens because division by zero is not prevented in the code.

TensorFlow, a platform for building machine learning models, has a vulnerability in its `BatchToSpaceNd` operator (a function that reshapes data), which can crash when an attacker provides specially crafted input that causes a division by zero error (attempting to divide by zero, which is mathematically impossible). An attacker could exploit this to cause the software to malfunction.

A previous security fix for TensorFlow (a machine learning platform) didn't work properly when the Reshape operator (which changes a tensor's shape, or dimensions) received its target shape from a 1-D tensor (a single row of data). This incomplete fix accidentally allowed a problematic null-buffer-backed tensor (a data structure with no actual memory backing) to be used, creating a security weakness.

TensorFlow, an open-source machine learning platform, has a vulnerability where TFlite graphs (computational structures that define ML models) were not properly checked to prevent loops between nodes. An attacker could create malicious models that cause infinite loops or stack overflow (running out of memory from too many nested function calls) during model evaluation, potentially crashing the system.

TensorFlow (an open source machine learning platform) has a vulnerability in its `Minimum` and `Maximum` operators that can allow reading data outside the bounds of allocated memory if one of the input tensors is empty, because the broadcasting implementation (the process of making tensors compatible for operations) doesn't check whether array indexes are valid. This is a memory access bug that could expose sensitive data.

TensorFlow, an open source machine learning platform, has a vulnerability in its GatherNd operator (a function that gathers data from a tensor, or multi-dimensional array) where an attacker can cause a division by zero error (a crash caused by dividing by zero) by crafting a malicious model with an empty input. This could allow an attacker to crash or disrupt applications using this operator.

TensorFlow, an open source machine learning platform, has a vulnerability in its `TransposeConv` operator (a neural network layer that reshapes data) where a division by zero error can occur if an attacker creates a malicious model with stride values set to 0. This bug could cause the software to crash or behave unexpectedly when processing such a model.

TensorFlow, an open-source machine learning platform, has a vulnerability in its `SpaceToDepth` operator (a tool that rearranges data in neural networks) where the code doesn't check if a value called `block_size` is zero before dividing by it, which could cause a crash. An attacker could create a malicious model that sets `block_size` to zero to trigger this division-by-zero error.

TensorFlow's pooling code (the part that downsamples data in neural networks) has a bug where it doesn't check if stride values, which control how much data to skip, are zero before doing math with them. An attacker can create a special machine learning model that forces stride to be zero, causing a division by zero error (dividing by zero, which crashes programs) that could crash or be exploited.