{"data":{"id":"ceea3ac7-ae01-4dab-a333-f9b12645a565","title":"CVE-2021-29533: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a","summary":"TensorFlow has a vulnerability (CVE-2021-29533) where an attacker can crash the application by sending an empty image to the `tf.raw_ops.DrawBoundingBoxes` function. The bug exists because the code uses `CHECK` assertions (which crash the program on failure) instead of `OP_REQUIRES` (which returns an error message to the user) to validate user input, causing the program to abort when it receives invalid data.","solution":"The fix will be included in TensorFlow 2.5.0. The commit will also be backported to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4, which are still in the supported range.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29533","publishedAt":"2021-05-15T00:15:12.120Z","cveId":"CVE-2021-29533","cweIds":["CWE-754"],"cvssScore":"2.5","cvssSeverity":"low","severity":"low","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00018,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}