CVE-2021-29603: TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an
Summary
TensorFlow, a machine learning platform, has a vulnerability where a specially crafted TFLite model (a lightweight version of TensorFlow for mobile devices) can cause an OOB write on heap (writing data beyond allocated memory boundaries) in the ArgMin/ArgMax operations. The bug occurs when the axis_value parameter falls outside valid bounds, causing the code to write past the end of the output array.
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0. The developers will also apply this fix as a cherry-pick (a targeted patch) to TensorFlow 2.4.2, 2.3.3, 2.2.3, and 2.1.4, which are still in the supported version range.
Vulnerability Details
2.5(low)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29603
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%