CVE-2021-29535: TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `
Summary
TensorFlow, an open-source machine learning platform, has a vulnerability (CVE-2021-29535) where attackers can cause a heap buffer overflow (a memory safety error where code writes beyond allocated memory) in the `QuantizedMul` function by providing invalid threshold values for quantization. The bug occurs because the code assumes input values are always valid and tries to access data that doesn't exist when empty tensors (multi-dimensional arrays) are passed in.
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0. The patch will also be backported to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
Vulnerability Details
2.5(low)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29535
First tracked: February 15, 2026 at 08:38 PM
Classified by LLM (prompt v3) · confidence: 95%