AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2020-15209: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to hav

mediumvulnerability

security

Source: NVD/CVE DatabaseSeptember 25, 2020CVE-2020-15209

Summary

TensorFlow Lite (a lightweight version of TensorFlow used on mobile and embedded devices) versions before 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 had a bug where a specially crafted model file could trick the software into trying to read from an empty memory location (null pointer dereference, where the program attempts to access data that doesn't exist). An attacker could modify the model file to convert a read-only tensor (a data structure the AI uses) into a read-write one, causing the runtime to crash or behave unpredictably when it tries to use that tensor.

Solution / Mitigation

Update to TensorFlow Lite versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1 or later. The issue is patched in commit 0b5662bc.

Vulnerability Details

CVSS Score

5.9(medium)

EPSS (30-day exploit probability)

EPSS: 0.4%

Classification

Attack SophisticationModerate

Impact (CIA+S)

availabilityintegrity

AI Component TargetedInference

Taxonomy References

CWE (Weakness Type)

CWE-476

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2020-15209

First tracked: February 15, 2026 at 08:38 PM

Classified by LLM (prompt v3) · confidence: 95%