CVE-2021-29590: TensorFlow is an end-to-end open source platform for machine learning. The implementations of the `Minimum` and `Maximum
Summary
TensorFlow (an open source machine learning platform) has a vulnerability in its `Minimum` and `Maximum` operators that can allow reading data outside the bounds of allocated memory if one of the input tensors is empty, because the broadcasting implementation (the process of making tensors compatible for operations) doesn't check whether array indexes are valid. This is a memory access bug that could expose sensitive data.
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0 and will be backported to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
Vulnerability Details
2.5(low)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29590
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%