AI Sec Watch

TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.QuantizeAndDequantizeV4Grad` function where a negative integer is incorrectly converted to an unsigned integer, causing an integer overflow (when a number becomes too large for its data type) and potentially allocating excessive memory. This bug could allow attackers to crash the system or cause other harmful effects.

TensorFlow (an open source machine learning platform) has a vulnerability where passing a negative number to the `num_elements` argument of `tf.raw_ops.TensorListReserve` causes the program to crash. The problem occurs because the code uses `std::vector.resize()` (a function that changes the size of a data container) with user input without checking if that input is valid first.

TensorFlow, a machine learning platform, has a vulnerability in the `tf.raw_ops.RaggedGather` function where invalid input arguments can cause the program to read memory outside the bounds of allocated buffers (a heap buffer overflow). The bug occurs because the code reads tensor dimensions without first checking that the tensor has at least one dimension, and doesn't verify that required tensor lists aren't empty.

TensorFlow, a popular machine learning platform, has a bug in its sparse reduction operations (functions that combine data in a specific way) that can cause the software to access memory outside its allocated boundaries. The problem occurs because the code doesn't properly check that reduction groups stay within valid limits or that index values point to valid parts of the input data.

TensorFlow, an open source machine learning platform, has a vulnerability in its `tf.raw_ops.UncompressElement` function where it tries to use a pointer (a reference to a location in memory) without checking if that pointer is valid, causing a null pointer dereference (crash when accessing an empty memory location). An attacker could exploit this by providing specially crafted data to crash the program.

TensorFlow (an open source platform for machine learning) has a vulnerability where the `tf.raw_ops.SparseTensorSliceDataset` function can crash by trying to access memory that doesn't exist (null pointer dereference) when a user provides incomplete arguments for a sparse tensor (a data structure optimized for data with many zero values). The bug occurs because the code doesn't properly validate the case when one part of the sparse tensor is empty but the other part is provided.

TensorFlow has a vulnerability where the MatrixDiagPartOp function doesn't check if input data exists before reading from it, causing either a null pointer dereference (a crash from accessing memory that doesn't exist) or incorrect behavior that ignores most of the data. This happens when users don't provide valid padding values to this operation.

TensorFlow, a machine learning platform, has a vulnerability where attackers can crash the program or read memory they shouldn't access by providing incomplete or missing tensor names when restoring data. The bug happens because the code doesn't check if there are enough items in a list before trying to access them, leading to either a null pointer dereference (a crash from accessing invalid memory) or an out-of-bounds read (accessing memory outside the intended storage area).

A vulnerability in TensorFlow (a machine learning platform) allows attackers to crash the program by sending an invalid empty list to the `tf.raw_ops.RaggedTensorToTensor` function, which tries to access the first element without checking if the list is empty first, causing undefined behavior (unpredictable program actions). This is a null pointer dereference (attempting to use a memory location that contains no valid data).