CVE-2018-21233: TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the co
Summary
TensorFlow versions before 1.7.0 contain an integer overflow bug in the BMP decoder (the DecodeBmp feature) that allows an out-of-bounds read (accessing memory beyond the intended boundaries), potentially exposing sensitive data from the computer's memory. The vulnerability is in the file core/kernels/decode_bmp_op.cc and is classified as a CWE-125 weakness.
Solution / Mitigation
Upgrade to TensorFlow 1.7.0 or later. A patch is available at https://github.com/tensorflow/tensorflow/commit/49f73c55d56edffebde4bca4a407ad69c1cae433.
Vulnerability Details
6.5 (medium)
EPSS: 0.1%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2018-21233
First tracked: February 15, 2026 at 08:38 PM