AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2020-15207: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative value

highvulnerability

security

Source: NVD/CVE DatabaseSeptember 25, 2020CVE-2020-15207

Summary

TensorFlow Lite (a machine learning framework for mobile and embedded devices) had a bug in versions before 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 where it failed to properly validate array indices (positions) after converting negative numbers to positive ones. This allowed the program to access memory outside its intended bounds, causing crashes or data corruption. The vulnerability only appeared in non-debug builds because the validation check was disabled in those versions.

Solution / Mitigation

Update TensorFlow Lite to version 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1 or later. The issue is patched in commit 2d88f470dea2671b430884260f3626b1fe99830a.

Vulnerability Details

CVSS Score

8.7(high)

EPSS (30-day exploit probability)

EPSS: 1.4%

Classification

Attack SophisticationModerate

Impact (CIA+S)

integrityavailability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-119 CWE-787

CAPEC (Attack Pattern)

CAPEC-100

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2020-15207

First tracked: February 15, 2026 at 08:38 PM

Classified by LLM (prompt v3) · confidence: 95%