Browse All

TensorFlow, an open source machine learning platform, has a vulnerability in a specific operation called `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization` that allows attackers to crash the system by accessing memory outside intended bounds. The bug occurs when the operation receives empty inputs, causing it to try to read from an invalid memory location.

TensorFlow, an open source platform for machine learning, has a vulnerability where an attacker can cause an integer division by zero (a crash caused by dividing by zero) in the `tf.raw_ops.QuantizedBiasAdd` function. The bug occurs because the code divides by the number of elements in an input without first checking that this number is not zero.

TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause a denial of service (making the system crash or stop responding) by triggering a failed safety check when converting sparse tensors (data structures with mostly empty values) to CSR sparse matrices. The bug happens because the code tries to access memory locations that are outside the bounds of allocated space, which can corrupt data.

TensorFlow has a vulnerability where an attacker can crash the system (a denial of service, or DoS attack) by sending specially crafted data to a specific function called `tf.raw_ops.QuantizeAndDequantizeV4Grad`. The bug happens because the function doesn't check that its input data (called tensors, which are multi-dimensional arrays) has the correct structure, causing the program to fail when it tries to process them.

TensorFlow, an open-source machine learning platform, has a vulnerability in its CTCGreedyDecoder function that allows attackers to crash the program through a denial of service attack (an attack that makes a service unavailable). The problem occurs because the code uses a CHECK statement that aborts the program instead of handling invalid input properly.

TensorFlow, a machine learning platform, has a vulnerability where attackers can cause a heap buffer overflow (a memory safety error where data is written beyond allocated memory) by sending specially crafted inputs to the `tf.raw_ops.StringNGrams` function. The problem occurs because the code doesn't properly handle edge cases where input splitting results in only padding elements, potentially causing the program to read from invalid memory locations.

A vulnerability in TensorFlow (a platform for building machine learning models) allows an attacker to cause a null pointer dereference (a crash caused by trying to access memory that doesn't exist) in the `tf.raw_ops.StringNGrams` function by providing invalid input that isn't properly checked. This happens because the code doesn't fully validate the `data_splits` argument before using it, potentially causing the program to crash when trying to write data.

TensorFlow, an open source platform for machine learning, has a vulnerability where an attacker can cause a heap buffer overflow (a memory corruption bug where data is written beyond the intended memory region) in the Conv2DBackpropFilter function. This happens because the code calculates the filter tensor size but doesn't check that it matches the actual number of elements, leading to memory safety issues when the code later reads or writes to this buffer.

TensorFlow (an open source machine learning platform) has a bug where calling a specific function with certain data types causes a segfault (crash where the program tries to access invalid memory). The function assumes the data will be simple scalars (single values), but fails when given more complex data types like `tf.resource` or `tf.variant`.

TensorFlow, a machine learning platform, has a vulnerability (CVE-2021-29538) where an attacker can cause a division by zero error in the Conv2DBackpropFilter function (a tool for training neural networks) by providing empty tensor shapes, which could crash the system. The bug occurs because the code calculates a divisor from user input without checking if it equals zero before dividing by it.

TensorFlow, a machine learning platform, has a vulnerability where attackers can cause a heap buffer overflow (a memory safety error where data is written past the intended memory boundaries) in the `QuantizedResizeBilinear` function by providing invalid threshold values for quantization (the process of reducing data precision). The bug occurs because the code assumes these inputs are always valid numbers and doesn't properly check them before using them.

TensorFlow, a machine learning platform, has a heap buffer overflow vulnerability (a memory safety bug where code writes beyond allocated memory) in the `QuantizedReshape` function. The vulnerability occurs when an attacker passes empty tensors (multi-dimensional arrays) as threshold inputs, causing the code to incorrectly access memory at position 0 of an empty buffer.

TensorFlow, an open-source machine learning platform, has a vulnerability (CVE-2021-29535) where attackers can cause a heap buffer overflow (a memory safety error where code writes beyond allocated memory) in the `QuantizedMul` function by providing invalid threshold values for quantization. The bug occurs because the code assumes input values are always valid and tries to access data that doesn't exist when empty tensors (multi-dimensional arrays) are passed in.

TensorFlow, an open source machine learning platform, has a vulnerability where an attacker can crash the program through a denial of service attack by sending specially crafted input to the `SparseConcat` function. The problem occurs because the code uses a `CHECK` operation (a safety check that crashes the program if something goes wrong) instead of safer error-handling methods like `BuildTensorShapeBase` or `AddDimWithStatus`.

TensorFlow has a vulnerability (CVE-2021-29533) where an attacker can crash the application by sending an empty image to the `tf.raw_ops.DrawBoundingBoxes` function. The bug exists because the code uses `CHECK` assertions (which crash the program on failure) instead of `OP_REQUIRES` (which returns an error message to the user) to validate user input, causing the program to abort when it receives invalid data.

TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.RaggedCross` function that allows attackers to access memory outside the intended boundaries of arrays (heap OOB reads, meaning out-of-bounds reads in heap memory) by sending specially crafted invalid tensor values. The problem occurs because the code doesn't validate user-supplied arguments before using them to access array elements.

TensorFlow has a vulnerability where an attacker can crash the system by sending an empty image tensor to the PNG encoding function. The code only checks if the total pixels overflow, but doesn't validate that the image actually contains data, so passing an empty matrix causes a null pointer (a reference to nothing in memory) that crashes the program in a denial of service attack (making the service unavailable).

TensorFlow (an open source machine learning platform) has a vulnerability where an attacker can cause a null pointer dereference (accessing memory that doesn't exist, crashing the program) by providing invalid input to a specific function called `tf.raw_ops.SparseMatrixSparseCholesky`. The problem occurs because the code fails to properly validate inputs due to a macro that returns early from a validation function without stopping the main code from continuing.

TensorFlow has a heap buffer overflow vulnerability (a memory access bug where data is written beyond allocated space) in its image resizing function that can be triggered by specially crafted input values causing incorrect array index calculations. An attacker can exploit this by manipulating floating-point numbers so that rounding errors cause the function to access memory outside the intended image data.

TensorFlow, an open source platform for machine learning, has a vulnerability where an attacker can cause a division by zero error in the `tf.raw_ops.QuantizedMul` function by controlling a value used in a division operation. This crash could disrupt systems using the affected code.