AI Sec Watch

An attacker can create a malicious TFLite model (a lightweight version of TensorFlow used on mobile devices) that causes an integer overflow (where a number gets too large to fit in its storage space, wrapping around to a negative or small value) in TensorFlow's `TfLiteIntArrayCreate` function. The vulnerability happens because the code returns an `int` instead of a larger `size_t` datatype, allowing attackers to manipulate model inputs so the calculated size exceeds what an `int` can hold.

TensorFlow, an open-source machine learning framework, has a vulnerability in its TFLite (TensorFlow Lite, a version optimized for mobile devices) model processor where an attacker can create a specially crafted model that causes a division by zero error (attempting to divide a number by zero, which crashes programs) in the `BiasAndClamp` function because the code doesn't check if `bias_size` is zero before using it.

A vulnerability in TensorFlow (an open-source machine learning framework) allows an attacker to create a malicious TFLite model (TensorFlow Lite, a lightweight version of TensorFlow) that causes a division by zero error in depthwise convolutions (a type of neural network operation). The bug occurs because the code divides by a user-controlled parameter without first checking that it is positive.

TensorFlow, an open-source machine learning framework, has a vulnerability in its `SparseCountSparseOutput` function that allows a heap overflow (a type of memory corruption where a program writes data beyond allocated memory boundaries). The vulnerability affects multiple versions of TensorFlow.

TensorFlow (an open source machine learning framework) has a bug in its `QuantizedMaxPool` function where user-controlled inputs can trigger a null pointer dereference (a crash caused by the program trying to access memory that doesn't exist). The vulnerability allows attackers to potentially cause the program to crash or behave unpredictably.

TensorFlow, an open source machine learning framework, has a vulnerability in its `SparseCountSparseOutput` function where an integer overflow (a number becoming too large for its storage space) can crash the TensorFlow process during memory allocation. This vulnerability affects multiple versions of TensorFlow.

TensorFlow (an open-source machine learning framework) has a vulnerability in its Bincount operations that allows attackers to crash the system (denial of service) by sending specially crafted arguments that trigger internal safety checks to fail. The problem occurs because some invalid input conditions aren't caught early enough during the system's processing stages, leading to crashes when the system tries to allocate memory for output data.

TensorFlow (an open-source machine learning framework) has a vulnerability where certain operations can crash the program through denial of service attacks (making it unavailable by triggering assertion failures, which are safety checks in code that stop execution if something goes wrong). The developers have fixed the issue and plan to release patches across multiple supported versions.

TensorFlow, an open-source machine learning framework, has a vulnerability in its `FractionalMaxPool` function (a pooling operation used in neural networks) that can crash the program through a division by zero error (attempting to divide a number by zero, which is mathematically undefined). The vulnerability affects multiple versions of TensorFlow.