AI Sec Watch

TensorFlow has a vulnerability (CVE-2021-29533) where an attacker can crash the application by sending an empty image to the `tf.raw_ops.DrawBoundingBoxes` function. The bug exists because the code uses `CHECK` assertions (which crash the program on failure) instead of `OP_REQUIRES` (which returns an error message to the user) to validate user input, causing the program to abort when it receives invalid data.

TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.RaggedCross` function that allows attackers to access memory outside the intended boundaries of arrays (heap OOB reads, meaning out-of-bounds reads in heap memory) by sending specially crafted invalid tensor values. The problem occurs because the code doesn't validate user-supplied arguments before using them to access array elements.

TensorFlow has a vulnerability where an attacker can crash the system by sending an empty image tensor to the PNG encoding function. The code only checks if the total pixels overflow, but doesn't validate that the image actually contains data, so passing an empty matrix causes a null pointer (a reference to nothing in memory) that crashes the program in a denial of service attack (making the service unavailable).

TensorFlow (an open source machine learning platform) has a vulnerability where an attacker can cause a null pointer dereference (accessing memory that doesn't exist, crashing the program) by providing invalid input to a specific function called `tf.raw_ops.SparseMatrixSparseCholesky`. The problem occurs because the code fails to properly validate inputs due to a macro that returns early from a validation function without stopping the main code from continuing.

TensorFlow has a heap buffer overflow vulnerability (a memory access bug where data is written beyond allocated space) in its image resizing function that can be triggered by specially crafted input values causing incorrect array index calculations. An attacker can exploit this by manipulating floating-point numbers so that rounding errors cause the function to access memory outside the intended image data.

TensorFlow, an open source platform for machine learning, has a vulnerability where an attacker can cause a division by zero error in the `tf.raw_ops.QuantizedMul` function by controlling a value used in a division operation. This crash could disrupt systems using the affected code.

TensorFlow, an open source machine learning platform, has a vulnerability where an attacker can cause a division by zero error (crashing the program by dividing by zero) in the `tf.raw_ops.QuantizedConv2D` function by controlling a value that the code divides by. This happens because the code doesn't check if that value is zero before using it in math.

TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause a division by zero error in the Conv2D function (a tool that processes image data) by controlling certain input values. This crash occurs because the code divides by a number that comes directly from the attacker's input without checking if it's zero first.

TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause a division by zero error in a specific function called `tf.raw_ops.Conv2DBackpropInput` by controlling certain input values. This happens because the code divides by a number that comes from the attacker's input without checking if it's zero first.