CVE-2020-15214: In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentati
Summary
TensorFlow Lite versions before 2.2.1 and 2.3.1 have a bug where the segment sum operation (a function that groups and sums data) crashes or causes memory corruption if the segment IDs (labels that organize the data) are not sorted in increasing order. The code incorrectly assumes the IDs are sorted, so it allocates too little memory, leading to a segmentation fault (a crash caused by accessing memory it shouldn't).
Solution / Mitigation
Upgrade to TensorFlow Lite version 2.2.1 or 2.3.1. As a partial workaround for cases where segment IDs are stored in the model file, add a custom Verifier to the model loading code to check that segment IDs are sorted; however, this workaround does not work if segment IDs are generated during inference (when the model is running), in which case upgrading to patched code is necessary.
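The sorted-ID check described above, as an added example in C. This is a simplified 1-D sketch, not TensorFlow Lite's kernel or its Verifier API; the function names and sample arrays are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Output row count as sized under the sorted-ids assumption: last id + 1. */
static long long rows_from_last_id(const int *ids, size_t n) {
    return n == 0 ? 0 : (long long)ids[n - 1] + 1;
}

/* 1 if every id is non-negative and the sequence never decreases, else 0. */
static int segment_ids_valid(const int *ids, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (ids[i] < 0) return 0;
        if (i > 0 && ids[i] < ids[i - 1]) return 0;
    }
    return 1;
}

/* 1-D segment sum that refuses ids it cannot size safely.
 * Returns 0 on success, -1 if ids are rejected or out is too small. */
static int segment_sum_checked(const float *data, const int *ids, size_t n,
                               float *out, size_t out_rows) {
    if (!segment_ids_valid(ids, n)) return -1;
    /* Sorted and non-negative: the last id is now really the maximum. */
    if ((unsigned long long)rows_from_last_id(ids, n) > out_rows) return -1;
    for (size_t r = 0; r < out_rows; r++) out[r] = 0.0f;
    for (size_t i = 0; i < n; i++) out[ids[i]] += data[i];
    return 0;
}

int main(void) {
    /* Constructed inputs: unsorted ids make "last id + 1" undercount rows. */
    const int unsorted[] = {0, 3, 1};
    const int sorted[] = {0, 0, 1, 3};
    const float data[] = {1.0f, 2.0f, 3.0f, 4.0f};
    float out[4];

    printf("unsorted: sized for %lld rows, but id 3 needs 4\n",
           rows_from_last_id(unsorted, 3));
    printf("unsorted accepted: %s\n",
           segment_sum_checked(data, unsorted, 3, out, 4) == 0 ? "yes" : "no");
    if (segment_sum_checked(data, sorted, 4, out, 4) == 0)
        printf("sorted sums: %.0f %.0f %.0f %.0f\n",
               out[0], out[1], out[2], out[3]);
    return 0;
}
```

The same validation applied to segment IDs stored in a model file is what the workaround's load-time check amounts to; IDs produced during inference can only be checked inside the operation itself, which is why the patched versions are required in that case.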
Vulnerability Details
8.1 (high)
EPSS: 0.3%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2020-15214
First tracked: February 15, 2026 at 08:38 PM