AI Sec Watch

TensorFlow, an open source platform for machine learning, has a vulnerability in its shape inference functions for `QuantizeAndDequantizeV*` operations that can cause the program to read data outside the bounds of allocated memory (an out-of-bounds read, which is a memory safety error). This affects multiple versions of TensorFlow.

TensorFlow, an open source machine learning platform, has a bug in its Grappler optimizer (the part that optimizes computational graphs) where constant folding (simplifying calculations before running them) incorrectly tries to copy resource tensors (special data structures that shouldn't be modified), causing the program to crash. The issue affects multiple versions of TensorFlow.

TensorFlow, an open-source machine learning platform, has a vulnerability where attackers can cause crashes or undefined behavior (unpredictable program execution) by modifying saved checkpoints (saved states of a trained model) from outside the system, because the checkpoint loading code doesn't properly validate file formats. This affects multiple versions of TensorFlow that are still being supported.

TensorFlow, an open source machine learning platform, had a vulnerability in its shape inference functions for `SparseCountSparseOutput` that could cause an out-of-bounds read (accessing memory outside the intended area of a heap-allocated array, which can crash the program or leak data). This vulnerability affected multiple versions of TensorFlow.

TensorFlow, an open source machine learning platform, has a bug in the `EinsumHelper::ParseEquation()` function where it fails to properly initialize certain flags (variables that track whether ellipsis notation is used in inputs and outputs). The function only sets these flags to true but never to false, which can cause the program to read uninitialized memory (garbage values) if code calling this function assumes the flags are always set correctly.

TensorFlow (an open source platform for machine learning) has a bug where calling a specific function called `tf.summary.create_file_writer` with non-scalar arguments (values that aren't single numbers) causes the program to crash due to a failed assertion check. This vulnerability affects several versions of TensorFlow.

TensorFlow (an open source machine learning platform) has a bug in its `tf.image.resize` function where using very large input values causes the program to crash due to an integer overflow (when a number becomes too large for its storage type). The overflow is caught by a safety check that stops the entire process.

TensorFlow (an open source machine learning platform) crashes when the `tf.tile` function (which repeats tensor data) is called with very large inputs, because the number of output elements exceeds what an `int64_t` integer type can hold, causing an overflow that triggers a safety check and terminates the process.

TensorFlow (an open source machine learning platform) has a vulnerability where tensors (multi-dimensional arrays of numbers) with very large dimensions can cause an integer overflow (when a calculation produces a number too big to store), resulting in a crash or inconsistent behavior. The vulnerability occurs because the code checks for overflow incorrectly in some parts of the codebase.