CVE-2021-29569: TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPoolGradWith
Summary
TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.MaxPoolGradWithArgmax` function where specially crafted inputs can cause the program to read memory outside the bounds of allocated heap memory (a memory safety violation). The bug occurs because the code assumes input tensors contain at least one element, but if they're empty, accessing even the first element reads invalid memory.
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0. The fix will also be backported (applied to older versions) in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
Vulnerability Details
2.5(low)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29569
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%