{"data":{"id":"9038ada1-58e4-45a9-9bed-4692e0ca452b","title":"CVE-2022-23584: TensorFlow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images","summary":"TensorFlow (an open-source machine learning framework) has a vulnerability where a malicious user can trigger a use-after-free bug (accessing memory that has already been freed) when decoding PNG images. The problem occurs because, after a memory cleanup function is called, the width and height values are left in an unspecified state, so any code that still reads them afterwards is working with invalid data.","solution":"Update to TensorFlow 2.8.0, or to one of the patched releases on the other supported branches: TensorFlow 2.7.1, TensorFlow 2.6.3, or TensorFlow 2.5.3. These versions contain the fix for this vulnerability. Deployments that decode PNG images from untrusted sources should prioritize the update.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-23584","publishedAt":"2022-02-05T04:15:14.873Z","cveId":"CVE-2022-23584","cweIds":["CWE-416"],"cvssScore":"7.6","cvssSeverity":"high","severity":"high","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00252,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-233"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}