CVE-2020-15208: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of
Summary
TensorFlow Lite (a lightweight version of TensorFlow for mobile and embedded devices) before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 has a bug where it doesn't properly check if two tensors (multi-dimensional arrays of data) have compatible sizes. An attacker can exploit this to cause the interpreter to read or write data outside of the allocated memory region, potentially crashing the program or enabling other attacks.
Solution / Mitigation
Update TensorFlow Lite to version 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1 or later. The issue was patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d.
Vulnerability Details
7.4(high)
EPSS: 0.3%
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2020-15208
First tracked: February 15, 2026 at 08:38 PM
Classified by LLM (prompt v3) · confidence: 95%