AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2019-9635: NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file.

lowvulnerability

security

Source: NVD/CVE DatabaseApril 24, 2019CVE-2019-9635

Summary

A NULL pointer dereference (a type of bug where software tries to access memory that doesn't exist) in Google TensorFlow versions before 1.12.2 could allow an attacker to cause a denial of service (making the software crash or become unresponsive) by providing an invalid GIF image file. This vulnerability affects TensorFlow's image processing capabilities.

Solution / Mitigation

Upgrade to TensorFlow version 1.12.2 or later. According to the source, the vulnerability existed in versions before 1.12.2, indicating this version includes the fix.

Vulnerability Details

CVSS Score

4.3

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack Type

DoS

Attack SophisticationTrivial

Impact (CIA+S)

availability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-476

Affected Vendors

Google

Related Issues

medium

CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

Similar attackNVD/CVE Database

low

CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p

First tracked: February 15, 2026 at 08:38 PM

Classified by LLM (prompt v3) · confidence: 92%