CVE-2022-23561: Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write o
Summary
An attacker can create a malicious TFLite model (a compressed machine learning format for mobile devices) that writes data outside the boundaries of an array in TensorFlow, potentially overwriting the memory allocator's linked list (a data structure that tracks available memory) to achieve arbitrary write access to system memory. This vulnerability affects multiple versions of TensorFlow, an open-source framework for building AI systems.
Solution / Mitigation
The fix will be included in TensorFlow 2.8.0. The same fix will also be cherry-picked (backported) to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.
Vulnerability Details
8.8(high)
EPSS: 0.2%
Classification
Affected Vendors
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-23561
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 95%