"Fossies" - the Fresh Open Source Software Archive

Member "tensorflow-2.9.1/tensorflow/security/README.md" (22 May 2022, 96976 Bytes) of package /linux/misc/tensorflow-2.9.1.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format (assuming markdown format). Alternatively you can here view or download the uninterpreted source code file. A member file download can also be achieved by clicking within a package contents listing on the according byte size field. See also the last Fossies "Diffs" side-by-side code changes report for "README.md": 2.8.0_vs_2.9.0-rc0.

A hint: This file contains one or more very long lines, so maybe it is better readable using the pure text view mode that shows the contents as wrapped lines within the browser window.


TensorFlow Security Advisories

C++ fuzzing: Fuzzing Status

Python fuzzing: Fuzzing Status

We regularly publish security advisories about using TensorFlow.

Note: In conjunction with these security advisories, we strongly encourage TensorFlow users to read and understand TensorFlow's security model as outlined in SECURITY.md.

Advisory Number Type Versions affected Reported by Additional Information
TFSA-2022-059 Null pointer dereference in BuildXlaCompilationCache (XLA) < 2.8.0 (discovered internally)
TFSA-2022-058 Segfault in simplifyBroadcast (MLIR) == 2.8.0 (discovered internally)
TFSA-2022-057 Multiple crashes, heap OOB accesses in TFG dialect (MLIR) >= 2.7.0, < 2.8.0 (discovered internally)
TFSA-2022-056 Crash due to erroneous StatusOr >= 2.7.0, < 2.8.0 (discovered internally)
TFSA-2022-055 Heap OOB access in RunForwardTypeInference == 2.8.0 (discovered internally)
TFSA-2022-054 Stack overflow due to self-recursive function in GraphDef < 2.8.0 (discovered internally)
TFSA-2022-053 CHECK failure in constant folding < 2.8.0 (discovered internally)
TFSA-2022-052 Null pointer dereference in Grappler's IsConstant < 2.8.0 (discovered internally)
TFSA-2022-051 Integer overflow in Grappler cost estimation of crop and resize operation < 2.8.0 (discovered internally)
TFSA-2022-050 CHECK-fails due to attempting to build a reference tensor < 2.8.0 (discovered internally)
TFSA-2022-049 Multiple CHECK-fails in function.cc < 2.8.0 (discovered internally)
TFSA-2022-048 Memory leak in decoding PNG images < 2.8.0 (discovered internally)
TFSA-2022-047 Use after free in DecodePng kernel < 2.8.0 (discovered internally)
TFSA-2022-046 CHECK-failures in binary ops due to type confusion < 2.8.0 (discovered internally)
TFSA-2022-045 CHECK-failures in TensorByteSize < 2.8.0 (discovered internally)
TFSA-2022-044 CHECK-failures during Grappler's SafeToRemoveIdentity < 2.8.0 (discovered internally)
TFSA-2022-043 CHECK-failures during Grappler's IsSimplifiableReshape < 2.8.0 (discovered internally)
TFSA-2022-042 Abort caused by allocating a vector that is too large < 2.8.0 (discovered internally)
TFSA-2022-041 Memory leak when a graph node is invalid < 2.8.0 (discovered internally)
TFSA-2022-040 Null dereference in GetInitOp < 2.8.0 (discovered internally)
TFSA-2022-039 Integer overflow in OpLevelCostEstimator::CalculateOutputSize < 2.8.0 (discovered internally)
TFSA-2022-038 Integer overflow in OpLevelCostEstimator::CalculateTensorSize < 2.8.0 (discovered internally)
TFSA-2022-037 Unitialized variable access in AssignOp < 2.8.0 (discovered internally)
TFSA-2022-036 Heap OOB read/write in SpecializeType >= 2.6.0, < 2.8.0 (discovered internally)
TFSA-2022-035 Crash when type cannot be specialized >= 2.6.0, < 2.8.0 (discovered internally)
TFSA-2022-034 Null-dereference when specializing tensor type >= 2.6.0, < 2.8.0 (discovered internally)
TFSA-2022-033 CHECK-fail when decoding invalid tensors from proto < 2.8.0 (discovered internally)
TFSA-2022-032 Heap OOB write in Grappler < 2.8.0 (discovered internally)
TFSA-2022-031 CHECK-fail with repeated AttrDef < 2.8.0 (discovered internally)
TFSA-2022-030 CHECK-fail when decoding resource handles from proto < 2.8.0 (discovered internally)
TFSA-2022-029 Missing validation causes tf.sparse.split to crash when axis is a tuple < 2.8.0 (Reported on GitHub) issue
TFSA-2022-028 Integer overflow in Range resulting in undefined behavior and OOM < 2.8.0 (Reported on GitHub) issue
TFSA-2022-027 Insecure temporary file < 2.8.0 Srikanth Prathi on huntr.dev, internal variant analysis for more fixes
TFSA-2022-026 Read and Write outside of bounds in TFLite < 2.8.0 Wang Xuan of Qihoo 360 AIVul Team
TFSA-2022-025 Dangerous OOB write in TFLite < 2.8.0 Wang Xuan of Qihoo 360 AIVul Team
TFSA-2022-024 Integer overflow in TFLite < 2.8.0 Wang Xuan of Qihoo 360 AIVul Team
TFSA-2022-023 Integer overflow in TFLite array creation < 2.8.0 Wang Xuan of Qihoo 360 AIVul Team
TFSA-2022-022 FPE in depthwise convolutions in TFLite < 2.8.0 Wang Xuan of Qihoo 360 AIVul Team
TFSA-2022-021 FPE in BiasAndClamp in TFLite < 2.8.0 Wang Xuan of Qihoo 360 AIVul Team
TFSA-2022-020 Heap overflow in SparseCountSparseOutput < 2.8.0 Faysal Hossain Shezan from University of Virginia
TFSA-2022-019 Integer overflow leading to crash in SparseCountSparseOutput < 2.8.0 Faysal Hossain Shezan from University of Virginia
TFSA-2022-018 Reference binding to null pointer in QuantizedMaxPool < 2.8.0 Faysal Hossain Shezan from University of Virginia
TFSA-2022-017 Assertion failure based denial of service via faulty bin count operations < 2.8.0 Faysal Hossain Shezan from University of Virginia
TFSA-2022-016 Undefined behavior in SparseTensorSliceDataset < 2.8.0 Faysal Hossain Shezan from University of Virginia
TFSA-2022-015 CHECK-fails when building invalid/overflowing tensor shapes < 2.8.0 Faysal Hossain Shezan from University of Virginia
TFSA-2022-014 Division by zero in FractionalMaxPool < 2.8.0 Faysal Hossain Shezan from University of Virginia
TFSA-2022-013 CHECK-failures in MapStage < 2.8.0 Faysal Hossain Shezan from University of Virginia
TFSA-2022-012 Integer overflows in AddManySparseToTensorsMap < 2.8.0 Faysal Hossain Shezan from University of Virginia
TFSA-2022-011 Integer overflows in most sparse component-wise ops < 2.8.0 Faysal Hossain Shezan from University of Virginia
TFSA-2022-010 More incomplete validation in boosted trees code < 2.8.0 Yu Tian of Qihoo 360 AIVul Team, Faysal Hossain Shezan from University of Virginia
TFSA-2022-009 OOM due to integer overflow in StringNGrams < 2.8.0 Yu Tian of Qihoo 360 AIVul Team
TFSA-2022-008 OOM in ThreadPoolHandle < 2.8.0 Yu Tian of Qihoo 360 AIVul Team
TFSA-2022-007 Type confusion in shape inference for ConcatV2 < 2.8.0 Yu Tian of Qihoo 360 AIVul Team
TFSA-2022-006 Overflow and divide by zero in UnravelIndex < 2.8.0 Yu Tian of Qihoo 360 AIVul Team
TFSA-2022-005 Heap OOB access in FractionalAvgPoolGrad < 2.8.0 Yu Tian of Qihoo 360 AIVul Team
TFSA-2022-004 Integer overflow in shape inference for Dequantize < 2.8.0 Yu Tian of Qihoo 360 AIVul Team
TFSA-2022-003 Heap OOB access in Dequantize < 2.8.0 Yu Tian of Qihoo 360 AIVul Team
TFSA-2022-002 Heap OOB read in shape inference for ReverseSequence < 2.8.0 Yu Tian of Qihoo 360 AIVul Team
TFSA-2022-001 Floating point division by 0 when executing convolution operators < 2.8.0 Yu Tian of Qihoo 360 AIVul Team
TFSA-2021-200 Crash in tf.math.segment_* operations < 2.7.0 (Reported on GitHub) issue
TFSA-2021-199 Crash in max_pool3d when size argument is 0 or negative < 2.7.0 (Reported on GitHub) issue
TFSA-2021-198 Crashes due to overflow and CHECK-fail in ops with large tensor shapes < 2.7.0 (Reported on GitHub) issue, issue, issue
TFSA-2021-197 Incomplete validation in tf.summary.create_file_writer < 2.7.0 (Reported on GitHub) issue
TFSA-2021-196 Overflow/crash in tf.tile when tiling tensor is large < 2.7.0 (Reported on GitHub) issue
TFSA-2021-195 Overflow/crash in tf.image.resize when size is large < 2.7.0 (Reported on GitHub) issue
TFSA-2021-194 Overflow/crash in tf.range < 2.7.0 (Reported on GitHub) issue, issue, issue
TFSA-2021-193 Missing validation during checkpoint loading < 2.7.0 (discovered internally)
TFSA-2021-192 Uninitialized access in EinsumHelper::ParseEquation < 2.7.0 (discovered internally)
TFSA-2021-191 Segfault while copying constant resource tensor < 2.7.0 (discovered internally)
TFSA-2021-190 Incomplete validation of shapes in multiple TF ops < 2.7.0 (discovered internally)
TFSA-2021-189 Incomplete validation in boosted trees code < 2.7.0 Aivul Team from Qihoo 360
TFSA-2021-188 Heap OOB read in tf.raw_ops.SparseCountSparseOutput < 2.7.0 Aivul Team from Qihoo 360
TFSA-2021-187 FPE in convolutions with zero size filters < 2.7.0 Aivul Team from Qihoo 360
TFSA-2021-186 FPE in ParallelConcat < 2.7.0 Aivul Team from Qihoo 360
TFSA-2021-185 Heap OOB read in all tf.raw_ops.QuantizeAndDequantizeV* ops < 2.7.0 Aivul Team from Qihoo 360
TFSA-2021-184 Heap OOB in shape inference for QuantizeV2 >= 2.6.0, < 2.7.0 Aivul Team from Qihoo 360
TFSA-2021-183 Heap OOB read in tf.ragged.cross < 2.7.0 Aivul Team from Qihoo 360
TFSA-2021-182 Reference binding to nullptr in tf.ragged.cross < 2.7.0 Aivul Team from Qihoo 360
TFSA-2021-181 Null pointer exception in DeserializeSparse < 2.7.0 Aivul Team from Qihoo 360
TFSA-2021-180 Deadlock in mutually recursive tf.function objects < 2.7.0 Aivul Team from Qihoo 360
TFSA-2021-179 Heap buffer overflow in Transpose < 2.7.0 Aivul Team from Qihoo 360
TFSA-2021-178 Undefined behavior via nullptr reference binding in sparse matrix multiplication < 2.7.0 Aivul Team from Qihoo 360
TFSA-2021-177 Use after free / memory leak in CollectiveReduceV2 >= 2.6.0, < 2.7.0 Aivul Team from Qihoo 360
TFSA-2021-176 Integer division by 0 in tf.raw_ops.AllToAll < 2.7.0 Aivul Team from Qihoo 360
TFSA-2021-175 Null pointer exception when Exit node is not preceded by Enter op < 2.7.0 Aivul Team from Qihoo 360
TFSA-2021-174 Access to invalid memory during shape inference in Cudnn* ops < 2.7.0 Aivul Team from Qihoo 360
TFSA-2021-173 Segfault due to negative splits in SplitV < 2.7.0 Aivul Team from Qihoo 360
TFSA-2021-172 SparseFillEmptyRows heap OOB < 2.7.0 Aivul Team from Qihoo 360
TFSA-2021-171 Heap OOB in SparseBinCount < 2.7.0 Aivul Team from Qihoo 360
TFSA-2021-170 Arbitrary memory read in ImmutableConst < 2.7.0 Aivul Team from Qihoo 360
TFSA-2021-169 Heap OOB in FusedBatchNorm kernels < 2.7.0 Aivul Team from Qihoo 360
TFSA-2021-168 A use of uninitialized value vulnerability in Tensorflow < 2.7.0 Qian Feng from Baidu Security Team
TFSA-2021-167 Code injection in saved_model_cli < 2.7.0 Omer Kaspi from Vdoo
TFSA-2021-166 Use after free and segfault in shape inference functions < 2.6.0 (discovered internally)
TFSA-2021-165 Segfault on strings tensors with mismatched dimensions, due to Go code >=2.5.0, < 2.6.0 (Reported on GitHub) PR
TFSA-2021-164 FPE in LSH in TFLite < 2.6.0 Yakun Zhang of Baidu Security
TFSA-2021-163 Null pointer dereference in TFLite MLIR optimizations < 2.6.0 Yakun Zhang of Baidu Security
TFSA-2021-162 Null pointer dereference in TFLite < 2.6.0 Yakun Zhang of Baidu Security
TFSA-2021-161 Heap OOB in TFLite's Gather* implementations < 2.6.0 Yakun Zhang of Baidu Security
TFSA-2021-160 Heap OOB in TFLite < 2.6.0 Yakun Zhang of Baidu Security
TFSA-2021-159 Infinite loop in TFLite == 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-158 FPE in TFLite pooling operations < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-157 FPE in TFLite division operations < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-156 Use of unitialized value in TFLite < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-155 NPE in TFLite < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-154 Division by zero in TFLite < 2.6.0 Aivul Team from Qihoo 360, Yakun Zhang of Baidu Security
TFSA-2021-153 Heap OOB in nested tf.map_fn with RaggedTensors < 2.6.0 Haris Sahovic
TFSA-2021-152 Arbitrary code execution due to YAML deserialization < 2.6.0 Arjun Shibu
TFSA-2021-151 Missing validation in shape inference for Dequantize < 2.6.0 Yakun Zhang of Baidu Security
TFSA-2021-150 Division by 0 in most convolution operators < 2.6.0 Yakun Zhang of Baidu Security
TFSA-2021-149 Reference binding to nullptr in shape inference < 2.6.0 Yakun Zhang of Baidu Security
TFSA-2021-148 Incomplete validation in MaxPoolGrad < 2.6.0 Yakun Zhang of Baidu Security
TFSA-2021-147 CHECK-fail in MapStage < 2.6.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-146 Heap OOB in SdcaOptimizerV2 < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-145 Reference binding to nullptr in map operations < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-144 Heap OOB in UpperBound and LowerBound < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-143 Crash in NMS ops caused by integer conversion to unsigned < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-142 FPE in tf.raw_ops.UnravelIndex < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-141 Reference binding to nullptr in unicode encoding < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-140 Reference binding to nullptr in RaggedTensorToVariant < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-139 Incomplete validation in MKL requantization < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-138 Incomplete validation in QuantizeV2 < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-137 Heap OOB in boosted trees < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-136 Reference binding to nullptr in boosted trees < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-135 Crash caused by integer conversion to unsigned < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-134 Division by 0 in inplace operations < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-133 Reference binding to nullptr and heap OOB in binary cwise ops < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-132 Reference binding to nullptr in MatrixSetDiagV* ops < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-131 Reference binding to nullptr in MatrixDiagV* ops < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-130 Reference binding to nullptr in RaggedTensorToSparse < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-129 Heap OOB in ResourceScatterUpdate < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-128 Heap OOB and CHECK fail in ResourceGather < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-127 Division by 0 in ResourceGather < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-126 Use after free in boosted trees creation < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-125 Heap buffer overflow in FractionalAvgPoolGrad < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-124 Segfault and heap buffer overflow in {Experimental,}DatasetToTFRecord < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-123 Null pointer dereference in UncompressElement < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-122 Incorrect validation of SaveV2 inputs < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-121 Null pointer dereference in SparseTensorSliceDataset < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-120 Bad alloc in StringNGrams caused by integer conversion < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-119 Integer overflow due to conversion to unsigned >=2.4.0, < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-118 Null pointer dereference in MatrixDiagPartOp < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-117 std::abort raised from TensorListReserve < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-116 Heap OOB in RaggedGather < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-115 Division by 0 in ResourceScatterDiv < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-114 Integer division by 0 in sparse reshaping >=2.5.0, < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-113 Null pointer dereference and heap OOB read in operations restoring tensors < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-112 Null pointer dereference in RaggedTensorToTensor < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-111 Null pointer dereference in CompressElement < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-110 Floating point exception in SparseDenseCwiseDiv < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-109 Heap out of bounds access in sparse reduction operations < 2.6.0 Aivul Team from Qihoo 360
TFSA-2021-108 Segfault in tf.raw_ops.ImmutableConst < 2.5.0 (discovered internally)
TFSA-2021-107 Segfault in tf.raw_ops.SparseCountSparseOutput < 2.5.0 (discovered internally)
TFSA-2021-106 Crash in tf.strings.substr due to CHECK-fail < 2.5.0 (Reported on GitHub) issue report
TFSA-2021-105 Crash in tf.transpose with complex inputs < 2.5.0 (Reported on GitHub) issue report
TFSA-2021-104 Null dereference in Grappler's TrySimplify < 2.5.0 (discovered internally)
TFSA-2021-103 Stack overflow in ParseAttrValue with nested tensors < 2.5.0 (discovered internally)
TFSA-2021-102 Interpreter crash from tf.io.decode_raw < 2.5.0 (discovered internally)
TFSA-2021-101 Incomplete validation in tf.raw_ops.CTCLoss < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-100 Heap buffer overflow in BandedTriangularSolve < 2.5.0 Ye Zhang and Yakun Zhang of Baidu X-Team
TFSA-2021-099 Invalid validation in QuantizeAndDequantizeV2 < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-098 Incomplete validation in SparseReshape >=2.3.0, < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-097 Incomplete validation in SparseSparseMinimum < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-096 Incomplete validation in SparseAdd < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-095 Heap OOB and null pointer dereference in RaggedTensorToTensor < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-094 Heap OOB read in TFLite < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-093 Heap OOB write in TFLite < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-092 Integer overflow in TFLite memory allocation < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-091 Integer overflow in TFLite concatenation < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-090 Division by zero in TFLite's implementation of hashtable lookup < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-089 Division by zero in TFLite's implementation of DepthwiseConv < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-088 Division by zero in TFLite's implementation of OneHot < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-087 Division by zero in TFLite's implementation of Split < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-086 Division by zero in TFLite's implementation of SVDF < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-085 Division by zero in TFLite's implementation of SpaceToBatchNd < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-084 Division by zero in TFLite's implementation of BatchToSpaceNd < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-083 Division by zero in TFLite's implementation of EmbeddingLookup < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-082 Division by zero in TFLite's convolution code < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-081 Division by zero in TFLite's implementation of DepthToSpace < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-080 Stack overflow due to looping TFLite subgraph < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-079 Null pointer dereference in TFLite's Reshape operator < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-078 Heap OOB read in TFLite's implementation of Minimum or Maximum < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-077 Division by zero in TFLite's implementation of TransposeConv < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-076 Division by zero in TFLite's implementation of GatherNd < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-075 Division by zero in TFLite's implementation of SpaceToDepth < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-074 Division by zero in optimized pooling implementations in TFLite < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-073 Division by zero in padding computation in TFLite < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-072 Heap buffer overflow and undefined behavior in FusedBatchNorm < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-071 CHECK-fail due to integer overflow < 2.5.0 University of Virginia and University of California, Santa Barbara
TFSA-2021-070 Heap OOB read in tf.raw_ops.Dequantize < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-069 Segfault in CTCBeamSearchDecoder < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-068 Heap buffer overflow in MaxPoolGrad < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-067 Heap buffer overflow in FractionalAvgPoolGrad < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-066 Undefined behavior and CHECK-fail in FractionalMaxPoolGrad < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-065 Heap buffer overflow in AvgPool3DGrad < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-064 Heap buffer overflow in MaxPool3DGradGrad < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-063 Undefined behavior in MaxPool3DGradGrad < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-062 Division by 0 in MaxPoolGradWithArgmax < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-061 Overflow/denial of service in tf.raw_ops.ReverseSequence < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-060 Reference binding to nullptr in SdcaOptimizer < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-059 Memory corruption in DrawBoundingBoxesV2 < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-058 Heap out of bounds read in RequantizationRange < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-057 Heap out of bounds read in MaxPoolGradWithArgmax < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-056 Lack of validation in SparseDenseCwiseMul < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-055 Reference binding to null in ParameterizedTruncatedNormal < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-054 Heap OOB access in Dilation2DBackpropInput < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-053 Null pointer dereference in SparseFillEmptyRows < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-052 Null pointer dereference in EditDistance < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-051 CHECK-fail in tf.raw_ops.RFFT < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-050 CHECK-fail in tf.raw_ops.IRFFT < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-049 CHECK-fail in LoadAndRemapMatrix < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-048 Heap buffer overflow in RaggedTensorToTensor < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-047 Heap OOB access in unicode ops < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-046 Heap buffer overflow in SparseSplit < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-045 Division by 0 in Reverse < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-044 Division by 0 in SparseMatMul < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-043 Division by 0 in FusedBatchNorm < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-042 Division by 0 in DenseCountSparseOutput < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-041 CHECK-failure in UnsortedSegmentJoin < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-040 Heap OOB in QuantizeAndDequantizeV3 < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-039 OOB read in MatrixTriangularSolve < 2.5.0 Ye Zhang and Yakun Zhang of Baidu X-Team
TFSA-2021-038 Division by 0 in FractionalAvgPool < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-037 Division by 0 in QuantizedAdd < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-036 Division by 0 in QuantizedBatchNormWithGlobalNormalization < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-035 Heap out of bounds in QuantizedBatchNormWithGlobalNormalization < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-034 Division by 0 in QuantizedBiasAdd < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-033 Heap buffer overflow in SparseTensorToCSRSparseMatrix < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-032 CHECK-fail in CTCGreedyDecoder < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-031 CHECK-fail in QuantizeAndDequantizeV4Grad >= 2.4.0, < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-030 Null pointer dereference in StringNGrams < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-029 Heap buffer overflow StringNGrams < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-028 Heap buffer overflow Conv2DBackpropFilter < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-027 Division by zero in Conv2DBackpropFilter < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-026 Heap buffer overflow in QuantizedReshape < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-025 Heap buffer overflow in QuantizedResizeBilinear < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-024 CHECK-fail in SparseConcat < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-023 Heap buffer overflow in QuantizedMul < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-022 CHECK-fail in DrawBoundingBoxes < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-021 Heap out of bounds read in RaggedCross < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-020 CHECK-fail in tf.raw_ops.EncodePng < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-019 Heap buffer overflow caused by rounding < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-018 Invalid validation in SparseMatrixSparseCholesky < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-017 Division by 0 in QuantizedMul < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-016 Division by 0 in QuantizedConv2D < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-015 Division by 0 in Conv2D < 2.5.0 Ying Wang and Yakun Zhang of Baidu X-Team
TFSA-2021-014 Division by 0 in Conv2DBackpropInput < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-013 Division by 0 in Conv2DBackpropFilter < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-012 CHECK-fail in AddManySparseToTensorsMap < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-011 Division by 0 in Conv3DBackprop* < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-010 Heap buffer overflow in Conv3DBackprop* < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-009 Segfault in SparseCountSparseOutput >= 2.3.0, < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-008 CHECK-fail in SparseCross due to type confusion < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-007 Session operations in eager mode lead to null pointer dereferences >= 2.0.0, < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-006 Division by zero in Conv3D < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-005 Null pointer dereference via invalid Ragged Tensors < 2.5.0 Yakun Zhang and Ying Wang of Baidu X-Team
TFSA-2021-004 Reference binding to null pointer in MatrixDiag* ops < 2.5.0 Ye Zhang and Yakun Zhang of Baidu X-Team
TFSA-2021-003 Type confusion during tensor casts lead to dereferencing null pointers < 2.5.0 Aivul Team from Qihoo 360; Ye Zhang and Yakun Zhang of Baidu X-Team
TFSA-2021-002 Heap out of bounds write in RaggedBinCount >= 2.3.0, < 2.5.0 Aivul Team from Qihoo 360
TFSA-2021-001 Heap buffer overflow in RaggedBinCount >= 2.3.0, < 2.5.0 Aivul Team from Qihoo 360
TFSA-2020-034 Heap out of bounds access in MakeEdge >= 1.15.0, <= 2.3.0 (discovered internally)
TFSA-2020-033 CHECK-fail in LSTM with zero-length input >= 1.15.0, <= 2.3.0 (discovered internally)
TFSA-2020-032 Heap out of bounds read in filesystem glob matching 2.4.0-rc{0,1,2,3} Aivul Team from Qihoo 360
TFSA-2020-031 Write to immutable memory region >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-030 Lack of validation in data format attributes >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-029 Uninitialized memory access in Eigen types >= 1.15.0, <= 2.3.0 (discovered internally)
TFSA-2020-028 Float cast overflow undefined behavior <= 2.3 (Reported on GitHub) issue report
TFSA-2020-027 Segfault in tf.quantization.quantize_and_dequantize <= 2.3 (Reported on GitHub) issue report
TFSA-2020-026 Segfault in tf.raw_ops.Switch in eager mode 2.2.0, 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-025 Undefined behavior in dlpack.to_dlpack 2.2.0, 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-024 Memory leak in dlpack.to_dlpack 2.2.0, 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-023 Memory corruption in dlpack.to_dlpack 2.2.0, 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-022 Crash due to invalid shape of grad_values in SparseFillEmptyRowsGrad >= 1.15.0, <= 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-021 Heap buffer overflow in SparseFillEmptyRowsGrad >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-020 Heap buffer overflow in weighted sparse count ops 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-019 Crash due to invalid splits in SparseCountSparseOutput 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-018 Heap buffer overflow due to invalid indices in SparseCountSparseOutput 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-017 Abort due to invalid splits in RaggedCountSparseOutput 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-016 Segfault due to invalid splits in RaggedCountSparseOutput 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-015 Heap buffer overflow due to invalid splits in RaggedCountSparseOutput 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-014 Integer truncation in Shard API usage >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-013 Format-string vulnerability in TensorFlow's as_string >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-012 Segfault by calling session-only ops in eager mode >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-011 Data leak in tf.raw_ops.StringNGrams >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-010 Incomplete validation in TensorFlow's SavedModel's constant nodes causes segfaults >= 1.15.0, <= 2.3.0 Shuaike Dong, Alipay Tian Qian Security Lab issue report
TFSA-2020-009 Segfault and data corruption caused by negative indexing in TFLite >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-008 Data corruption due to dimension mismatch in TFLite >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-007 Null pointer dereference in TFLite >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360, variant analysis
TFSA-2020-006 Segmentation fault and/or data corruption due to invalid TFLite model >= 1.15.0, <= 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-005 Out of bounds access in TFLite operators >= 1.15.0, <= 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-004 Out of bounds access in TFLite implementation of segment sum 2.2.0, 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-003 Denial of service from TFLite implementation of segment sum 2.2.0, 2.3.0 (variant analysis, Aivul Team from Qihoo 360)
TFSA-2020-002 Out of bounds write in TFLite implementation of segment sum 2.2.0, 2.3.0 Aivul Team from Qihoo 360
TFSA-2020-001 Segmentation fault when converting a Python string to tf.float16 >= 1.12.0, <= 2.1 (found internally)
TFSA-2019-002 Heap buffer overflow in UnsortedSegmentSum <= 1.14 (found internally)
TFSA-2019-001 Null Pointer Dereference Error in Decoding GIF Files <= 1.12 Baidu Security Lab
TFSA-2018-006 Crafted Configuration File results in Invalid Memory Access <= 1.7 Blade Team of Tencent
TFSA-2018-005 Old Snappy Library Usage Resulting in Memcpy Parameter Overlap <= 1.7 Blade Team of Tencent
TFSA-2018-004 Checkpoint Meta File Out-of-Bounds Read <= 1.7 Blade Team of Tencent
TFSA-2018-003 TensorFlow Lite TOCO FlatBuffer Parsing Vulnerability <= 1.7 Blade Team of Tencent
TFSA-2018-002 GIF File Parsing Null Pointer Dereference Error <= 1.5 Blade Team of Tencent
TFSA-2018-001 BMP File Parser Out-of-bounds Read <= 1.6 Blade Team of Tencent
- Out Of Bounds Read <= 1.4 Blade Team of Tencent issue report