{"data":{"id":"5671aa7c-fcfe-42e1-9559-29ed5e7603da","title":"CVE-2021-29529: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in","summary":"TensorFlow has a heap buffer overflow vulnerability (a memory access bug where data is written beyond allocated space) in its image resizing function that can be triggered by specially crafted input values causing incorrect array index calculations. An attacker can exploit this by manipulating floating-point numbers so that rounding errors cause the function to access memory outside the intended image data.","solution":"The fix will be included in TensorFlow 2.5.0. The fix will also be backported to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4, which are still in the supported range.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29529","publishedAt":"2021-05-15T00:15:11.937Z","cveId":"CVE-2021-29529","cweIds":["CWE-131","CWE-193"],"cvssScore":"2.5","cvssSeverity":"low","severity":"low","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00047,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}