CVE-2022-41885: TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large t
Summary
TensorFlow (an open source machine learning platform) has a vulnerability in the `tf.raw_ops.FusedResizeAndPadConv2D` function: a buffer overflow (a memory error where data exceeds available space) occurs when the function is given very large tensor shapes. The bug stems from an incorrect buffer size calculation.
Solution / Mitigation
The fix is available in TensorFlow 2.11. For users on earlier versions, the patch has been applied to TensorFlow 2.10.1, 2.9.3, and 2.8.4. Users should update to one of these versions.
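The version boundaries above can be turned into an environment check. The following is an added example, not code from TensorFlow or from the advisory. It assumes the listed PyPI distribution names, treats a pre-release of a first fixed version as undetermined, and reports branches older than 2.8 as not fixed because no fixed release is listed for them.

```python
import re
from importlib import metadata

# Fixed releases named in the advisory, keyed by (major, minor) release branch.
BACKPORTS = {(2, 8): 4, (2, 9): 3, (2, 10): 1}
FIRST_FIXED = (2, 11, 0)  # 2.11 and every later branch carry the fix
# PyPI distribution names that ship TensorFlow (this list is an assumption;
# extend it for vendor builds used in your environment).
DISTRIBUTIONS = ("tensorflow", "tensorflow-cpu", "tensorflow-gpu")

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(.*)$")
_PRERELEASE = re.compile(r"^[.\-_]?(rc|a|b|dev)", re.IGNORECASE)


def classify(version: str) -> str:
    """Return 'fixed', 'not-fixed' or 'unknown' for a TensorFlow version string."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unknown"
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3))
    prerelease = bool(_PRERELEASE.match(m.group(4)))
    if (major, minor) in BACKPORTS:
        boundary = (major, minor, BACKPORTS[(major, minor)])
    elif (major, minor) >= FIRST_FIXED[:2]:
        boundary = FIRST_FIXED
    else:
        # Branches older than 2.8: the advisory lists no fixed release for them.
        return "not-fixed"
    if (major, minor, patch) == boundary and prerelease:
        # A pre-release of the first fixed version may predate the patch.
        return "unknown"
    return "fixed" if (major, minor, patch) >= boundary else "not-fixed"


def installed_status() -> dict:
    """Classify every TensorFlow distribution found in this environment."""
    found = {}
    for name in DISTRIBUTIONS:
        try:
            # Reads package metadata only; TensorFlow itself is not imported.
            found[name] = classify(metadata.version(name) or "")
        except metadata.PackageNotFoundError:
            continue
    return found


if __name__ == "__main__":
    print(installed_status() or "no TensorFlow distribution installed")
```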
Vulnerability Details
4.8 (medium)
EPSS: 0.2%
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-41885
First tracked: February 15, 2026 at 08:41 PM