CVE-2021-29605: TensorFlow is an end-to-end open source platform for machine learning. The TFLite code for allocating `TFLiteIntArray`s
Summary
TensorFlow, a machine learning platform, has a vulnerability in its TFLite component (a lightweight version for mobile devices) where an attacker can create a malicious model that causes an integer overflow (when a calculation produces a number too large to fit in its storage type, wrapping around to become negative). This overflow leads to invalid memory allocation, potentially causing the program to crash or behave unpredictably.
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0. It will also be backported (adapted for older versions) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
Vulnerability Details
7.1(high)
EPSS: 0.0%
Classification
Taxonomy References
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29605
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%