AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2020-15210: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor a

mediumvulnerability

security

Source: NVD/CVE DatabaseSeptember 25, 2020CVE-2020-15210

Summary

TensorFlow Lite (a machine learning framework for running AI models on mobile and embedded devices) versions before 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 has a vulnerability where using the same tensor (a multi-dimensional array of data) as both input and output in an operation can cause a segmentation fault (a crash where the program tries to access memory it shouldn't) or memory corruption (where data in memory gets corrupted). This happens because the code doesn't properly validate inputs when a tensor is used in this way.

Solution / Mitigation

Upgrade to TensorFlow Lite version 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. The issue was patched in commit d58c96946b.

Vulnerability Details

CVSS Score

6.5(medium)

EPSS (30-day exploit probability)

EPSS: 0.3%

Classification

Attack SophisticationModerate

Impact (CIA+S)

integrityavailability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-20 CWE-787

CAPEC (Attack Pattern)

CAPEC-100

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2020-15210

First tracked: February 15, 2026 at 08:38 PM

Classified by LLM (prompt v3) · confidence: 92%