CVE-2022-23558: Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an intege
Summary
An attacker can create a malicious TFLite model (a lightweight version of TensorFlow used on mobile devices) that causes an integer overflow (where a number gets too large to fit in its storage space, wrapping around to a negative or small value) in TensorFlow's `TfLiteIntArrayCreate` function. The vulnerability exists because the size computation returns an `int` instead of the wider `size_t` type, so an attacker can choose model inputs whose calculated size exceeds what an `int` can hold.
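An added illustration of the defect class described above (this is not TensorFlow's own code): the same byte-size computation once handed back through an `int`, and once kept in `size_t` with an overflow check before allocation. The struct `IntArrayModel` and the helper names are assumptions; `hostile` is a constructed dimension count.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed, simplified layout of a TFLite int array (element count followed by
 * the elements). This is an illustration, not TensorFlow's own code. */
typedef struct {
    int size;
    int data[];
} IntArrayModel;

/* Vulnerable pattern: the byte count is computed in size_t but handed back as
 * int. For a large element count the value does not fit, and the conversion
 * (modulo 2^32 on common compilers) yields a small, plausible-looking number. */
static int bytes_as_int(int size) {
    size_t bytes = sizeof(IntArrayModel) + sizeof(int) * (size_t)size;
    return (int)bytes;
}

/* Hardened pattern: stay in size_t, reject negative counts and any count whose
 * byte size would overflow. Returns 0 to signal an invalid request. */
static size_t bytes_checked(int size) {
    if (size < 0) return 0;
    size_t count = (size_t)size;
    if (count > (SIZE_MAX - sizeof(IntArrayModel)) / sizeof(int)) return 0;
    return sizeof(IntArrayModel) + sizeof(int) * count;
}

/* Allocate only when the size computation is sound; caller must free(). */
static IntArrayModel *create_checked(int size) {
    size_t bytes = bytes_checked(size);
    IntArrayModel *arr = bytes ? malloc(bytes) : NULL;
    if (arr) arr->size = size;
    return arr;
}

int main(void) {
    int hostile = 1 << 30; /* constructed: a model-supplied dimension count */
    printf("as int: %d bytes, checked: %zu bytes\n",
           bytes_as_int(hostile), bytes_checked(hostile));
    IntArrayModel *arr = create_checked(3);
    printf("create_checked(3): %s\n", arr ? "allocated" : "rejected");
    free(arr);
    return 0;
}
```

On a 64-bit build the `int` path reports only the header size for a count of 2^30 elements, which is the undersized value a later allocation would trust; the checked path either returns the true byte count or rejects the request.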
Solution / Mitigation
The fix will be included in TensorFlow 2.8.0. It will also be backported (applied to older versions still receiving updates) to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.
Vulnerability Details
7.6 (high)
EPSS: 0.4%
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-23558
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 95%