{"data":{"id":"480e7265-661c-4511-9275-bd97b033fe01","title":"CVE-2020-15209: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to hav","summary":"TensorFlow Lite (a lightweight version of TensorFlow used on mobile and embedded devices) versions before 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 had a bug where a specially crafted model file could trick the software into trying to read from an empty memory location (null pointer dereference, where the program attempts to access data that doesn't exist). An attacker could modify the model file to convert a read-only tensor (a data structure the AI uses) into a read-write one, causing the runtime to crash or behave unpredictably when it tries to use that tensor.","solution":"Update to TensorFlow Lite versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1 or later. The issue is patched in commit 0b5662bc.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2020-15209","publishedAt":"2020-09-25T23:15:16.213Z","cveId":"CVE-2020-15209","cweIds":["CWE-476"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow","TensorFlow Lite"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00357,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability","integrity"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}