CVE-2021-29614: TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.io.decode_raw` produces
Summary
A bug in TensorFlow's `tf.io.decode_raw` function causes incorrect results and crashes when using certain combinations of parameters. The problem stems from incorrect pointer arithmetic (moving through memory incorrectly), which causes the function to skip parts of input data and write outside the allocated memory bounds (OOB write, where data is written to memory locations it shouldn't access), potentially leading to crashes or more serious attacks.
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0 and will be backported (adapted for older versions) to TensorFlow 2.4.2, 2.3.3, 2.2.3, and 2.1.4.
Vulnerability Details
7.1(high)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29614
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%