{"data":{"id":"f3d9aba8-a30c-419b-9dd5-1d349400f970","title":"CVE-2018-21233: TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory","summary":"TensorFlow versions before 1.7.0 contain an integer overflow bug in the BMP decoder (DecodeBmp feature) that allows an out-of-bounds read (a read of memory beyond the intended boundaries), potentially disclosing the contents of process memory. This vulnerability exists in the file core/kernels/decode_bmp_op.cc and is classified as a CWE-125 weakness.","solution":"Upgrade to TensorFlow 1.7.0 or later. A patch is available at https://github.com/tensorflow/tensorflow/commit/49f73c55d56edffebde4bca4a407ad69c1cae433.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2018-21233","publishedAt":"2020-05-04T19:15:13.480Z","cveId":"CVE-2018-21233","cweIds":["CWE-125"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00128,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-540"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}