AI & LLM Vulnerabilities

TensorFlow, an open-source machine learning platform, has a vulnerability (CVE-2021-29535) where attackers can cause a heap buffer overflow (a memory safety error where code writes beyond allocated memory) in the `QuantizedMul` function by providing invalid threshold values for quantization. The bug occurs because the code assumes input values are always valid and tries to access data that doesn't exist when empty tensors (multi-dimensional arrays) are passed in.

TensorFlow, an open source machine learning platform, has a vulnerability where an attacker can crash the program through a denial of service attack by sending specially crafted input to the `SparseConcat` function. The problem occurs because the code uses a `CHECK` operation (a safety check that crashes the program if something goes wrong) instead of safer error-handling methods like `BuildTensorShapeBase` or `AddDimWithStatus`.

TensorFlow has a vulnerability (CVE-2021-29533) where an attacker can crash the application by sending an empty image to the `tf.raw_ops.DrawBoundingBoxes` function. The bug exists because the code uses `CHECK` assertions (which crash the program on failure) instead of `OP_REQUIRES` (which returns an error message to the user) to validate user input, causing the program to abort when it receives invalid data.

TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.RaggedCross` function that allows attackers to access memory outside the intended boundaries of arrays (heap OOB reads, meaning out-of-bounds reads in heap memory) by sending specially crafted invalid tensor values. The problem occurs because the code doesn't validate user-supplied arguments before using them to access array elements.

TensorFlow has a vulnerability where an attacker can crash the system by sending an empty image tensor to the PNG encoding function. The code only checks if the total pixels overflow, but doesn't validate that the image actually contains data, so passing an empty matrix causes a null pointer (a reference to nothing in memory) that crashes the program in a denial of service attack (making the service unavailable).

TensorFlow (an open source machine learning platform) has a vulnerability where an attacker can cause a null pointer dereference (accessing memory that doesn't exist, crashing the program) by providing invalid input to a specific function called `tf.raw_ops.SparseMatrixSparseCholesky`. The problem occurs because the code fails to properly validate inputs due to a macro that returns early from a validation function without stopping the main code from continuing.

TensorFlow has a heap buffer overflow vulnerability (a memory access bug where data is written beyond allocated space) in its image resizing function that can be triggered by specially crafted input values causing incorrect array index calculations. An attacker can exploit this by manipulating floating-point numbers so that rounding errors cause the function to access memory outside the intended image data.

TensorFlow, an open source platform for machine learning, has a vulnerability where an attacker can cause a division by zero error in the `tf.raw_ops.QuantizedMul` function by controlling a value used in a division operation. This crash could disrupt systems using the affected code.

TensorFlow, an open source machine learning platform, has a vulnerability where an attacker can cause a division by zero error (crashing the program by dividing by zero) in the `tf.raw_ops.QuantizedConv2D` function by controlling a value that the code divides by. This happens because the code doesn't check if that value is zero before using it in math.

TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause a division by zero error in the Conv2D function (a tool that processes image data) by controlling certain input values. This crash occurs because the code divides by a number that comes directly from the attacker's input without checking if it's zero first.

TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause a division by zero error in a specific function called `tf.raw_ops.Conv2DBackpropInput` by controlling certain input values. This happens because the code divides by a number that comes from the attacker's input without checking if it's zero first.

TensorFlow, an open source machine learning platform, has a vulnerability where an attacker can cause a division by zero error (a crash caused by attempting math with zero as a divisor) in a specific function called `tf.raw_ops.Conv2DBackpropFilter` by controlling a value used in a modulus operation (a calculation that finds remainders). This bug affects multiple older versions of the software.

TensorFlow (an open source machine learning platform) has a vulnerability where an attacker can crash the program through a denial of service attack by sending malicious input to the `AddManySparseToTensorsMap` function. The problem occurs because the code uses an outdated constructor method that fails abruptly when it encounters numeric overflow (when a number gets too large for the system to handle), rather than handling the error gracefully.

A bug in TensorFlow (an open source machine learning platform) allows attackers to cause a denial of service (making a system unavailable) by triggering a division by zero error in the `tf.raw_ops.Conv3DBackprop*` operations. The operations don't check if input tensors are empty before using them in calculations, which crashes the system if an attacker controls the input sizes.

TensorFlow (an open source platform for machine learning) has a bug where passing a negative number in the dense shape parameter to `tf.raw_ops.SparseCountSparseOutput` causes a crash. This happens because the code assumes the shape values are always positive and doesn't validate them before using them to create a data structure, which violates the safety rules of the underlying `std::vector` (a list-like data structure in C++).

TensorFlow, a machine learning platform, has a vulnerability in its `tf.raw_ops.Conv3DBackprop*` operations where missing validation of input arguments can cause a heap buffer overflow (a crash or security issue where a program writes data beyond its allocated memory). The problem occurs because the code assumes three data structures (called tensors) have matching shapes, but doesn't check this before accessing them simultaneously.

TensorFlow, a machine learning platform, has a vulnerability in its `tf.raw_ops.SparseCross` function that can crash a program (denial of service) by tricking the code into mixing incompatible data types (string type with integer type). The vulnerability occurs because the implementation incorrectly processes a tensor, thinking it contains one type of data when it actually contains another.

TensorFlow has a vulnerability where eager mode (the default execution style in TensorFlow 2.0+) allows users to call raw operations that shouldn't work, causing a null pointer dereference (an error where the program tries to use an empty memory reference). The problem occurs because the code doesn't check whether the session state pointer is valid before using it, leading to undefined behavior (unpredictable outcomes).

A vulnerability in TensorFlow (an open source platform for machine learning) allows a malicious user to crash the program by providing specially crafted input to the Conv3D function (a tool for processing 3D image data). The vulnerability occurs because the code performs a division or modulo operation (mathematical operations that can fail) based on user-provided data, and if certain values are zero, the program crashes.

TensorFlow, a machine learning platform, has a vulnerability in the `RaggedTensorToVariant` function where passing invalid ragged tensors (data structures for irregular-shaped arrays) causes a null pointer dereference (accessing memory that hasn't been set, crashing the program). The function doesn't check whether the ragged tensor is empty before trying to use it.