AI Sec Watch

TensorFlow, a popular machine learning platform, has a bug in TFLite (TensorFlow Lite, a lightweight version for mobile and embedded devices) where a function called `ComputeOutSize` divides by a `stride` parameter without checking if it's zero first. An attacker could create a specially crafted model that triggers this division-by-zero error, potentially crashing the application.

TensorFlow (a machine learning platform) has a vulnerability where an attacker can crash the system by triggering an integer overflow (when a number becomes too large for the system to handle) in the code that creates tensor shapes (multi-dimensional arrays). The problem occurs because the code doesn't check if dimension calculations will overflow before creating a new tensor shape.

TensorFlow's `tf.raw_ops.FusedBatchNorm` function has a vulnerability where it doesn't properly check that certain input values (scale, offset, mean, and variance) match the size of the data being processed, which can cause a heap buffer overflow (reading data beyond allocated memory boundaries) or crash the program by accessing null pointers if empty tensors are provided.

TensorFlow, a popular machine learning platform, has a vulnerability in its `Dequantize` operation where the code doesn't check that two input values (called `min_range` and `max_range` tensors, which are multi-dimensional arrays of data) have matching dimensions before using them together, allowing an attacker to read memory from outside the intended area. This is a type of memory safety bug that could let attackers access sensitive data or crash the system.

TensorFlow, a machine learning platform, has a vulnerability in one of its functions (`tf.raw_ops.CTCBeamSearchDecoder`) that fails to check if input data is empty before processing it. When an attacker provides empty input, the software crashes (segmentation fault, which is when a program tries to read from memory it shouldn't access), causing a denial of service (making the system unavailable).

TensorFlow, an open source machine learning platform, has a vulnerability in the `tf.raw_ops.FractionalMaxPoolGrad` function that can crash the program when given empty input tensors (arrays of data with no elements). The bug occurs because the code doesn't properly check that input and output tensors are valid before processing them, which can be exploited to cause a denial of service attack (making the system unavailable).

TensorFlow, an open source machine learning platform, has a vulnerability in its `tf.raw_ops.MaxPoolGrad` function called a heap buffer overflow (a bug where a program writes data beyond the memory it's allowed to use). The vulnerability occurs because the code doesn't properly check that array indices are valid before accessing data, which could allow attackers to read or corrupt memory.

TensorFlow (an open-source machine learning platform) has a vulnerability in a function called `tf.raw_ops.FractionalAvgPoolGrad` that can cause a heap buffer overflow (a memory error where a program writes data beyond allocated space). The bug happens because the code doesn't properly check that input arguments have the correct size before processing them.

A vulnerability called CVE-2021-29577 exists in TensorFlow (an open source platform for machine learning) in a function called `tf.raw_ops.AvgPool3DGrad`. The function has a heap buffer overflow (a memory safety bug where code writes data beyond the limits of allocated memory), which happens because the code assumes two data structures called `orig_input_shape` and `grad` tensors (multi-dimensional arrays of data) have matching dimensions but doesn't actually verify this before proceeding.