AI Sec Watch

TensorFlow, an open source machine learning platform, has a vulnerability where the `MirrorPadGrad` function crashes with a heap OOB error (out-of-bounds memory access, where the software tries to read memory it shouldn't) when given incorrectly sized input padding values. This bug allows attackers to potentially crash TensorFlow applications.

TensorFlow Lite's `CONV_3D_TRANSPOSE` operator (a component that flips and reorganizes 3D data during machine learning processing) had a bug where it incorrectly calculated memory addresses when adding bias values, potentially allowing an attacker to write data outside the intended memory area (buffer overflow, where data gets written beyond allocated boundaries). The vulnerability only affects users who employ TensorFlow's default kernel resolver in their interpreter.

TensorFlow, an open source machine learning platform, has a vulnerability in the `tf.raw_ops.TensorListResize` function where providing a nonscalar value (a value that isn't a single number) for the `size` input causes a CHECK fail, which can be exploited to trigger a denial of service attack (making the system crash or become unavailable).

TensorFlow, an open source machine learning platform, has a vulnerability where a specific function called `tf.raw_ops.TensorListConcat` crashes with a segmentation fault (a memory error that causes a program to suddenly stop) when given certain invalid input. This crash can be exploited to cause a denial of service attack (making the service unavailable to users).

TensorFlow is a machine learning platform that had a bug where a function called `BCast::ToShape` would crash when given very large numbers (larger than an `int32`, which is a 32-bit integer) even though it was designed to handle even larger numbers called `int64`. This bug could be triggered by using the `tf.experimental.numpy.outer` function with large inputs.

TensorFlow, an open source machine learning platform, had a bug where passing quantized tensors (specially compressed numeric data) to certain functions caused the parsing code to fail silently and return a null pointer (empty reference) instead of the expected data. This could cause crashes or unexpected behavior in machine learning programs using affected TensorFlow functions.

TensorFlow, an open source machine learning platform, has a vulnerability in its `tf.image.generate_bounding_box_proposals` function when running on GPU. The function fails to validate that the `scores` input has the correct rank (dimension structure), which could cause problems. This is classified as improper input validation (CWE-20, where a program doesn't properly check if data meets required specifications).

TensorFlow's poisson loss function (a tool for measuring prediction errors in machine learning) crashes when certain input dimensions multiply together and exceed the limit of a 32-bit integer, causing a size mismatch during broadcast assignment (aligning data for computation). The vulnerability affects multiple versions of TensorFlow.

TensorFlow (an open source platform for machine learning) has a bug in the `tf.raw_ops.ImageProjectiveTransformV2` function where it overflows (uses more memory than available) when given a large output shape. This vulnerability was caused by an incorrect calculation of buffer size (the amount of memory needed to store data).