AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-29529: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in

lowvulnerability

security

Source: NVD/CVE DatabaseMay 14, 2021CVE-2021-29529

Summary

TensorFlow has a heap buffer overflow vulnerability (a memory access bug where data is written beyond allocated space) in its image resizing function that can be triggered by specially crafted input values causing incorrect array index calculations. An attacker can exploit this by manipulating floating-point numbers so that rounding errors cause the function to access memory outside the intended image data.

Solution / Mitigation

The fix will be included in TensorFlow 2.5.0. The fix will also be backported to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4, which are still in the supported range.

Vulnerability Details

CVSS Score

2.5(low)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Impact (CIA+S)

integrityavailability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-131 CWE-193

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29529

First tracked: February 15, 2026 at 08:38 PM

Classified by LLM (prompt v3) · confidence: 95%