CVE-2021-37689

NULL Pointer Dereference in pypi/tflite

Identifiers

GHSA-wf5p-c75w-w3wh, CVE-2021-37689

Package Slug

pypi/tflite

Vulnerability

NULL Pointer Dereference

Description

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of L2NormalizeReduceAxis operator. The implementation unconditionally dereferences a pointer to an iterator to a vector without checking that the vector has elements.
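The unchecked-iterator pattern described above, shown beside a guarded form. This is an added example, not TensorFlow's code: the function names, the "last axis" test and the sample inputs are assumptions constructed for illustration.

```cpp
#include <cstdio>
#include <vector>

// Hypothetical stand-in for an optimizer predicate: does the reduction run
// over the last dimension of a tensor of the given rank? The axis list is
// read from the model file, so its contents and length are untrusted.

// Vulnerable shape: reads the first element without checking that it exists.
// With an empty axis list, begin() == end() and the dereference is invalid.
bool reduces_last_axis_unchecked(int rank, const std::vector<int>& axes) {
  int first = *axes.begin();  // undefined behaviour when axes is empty
  return first == rank - 1 || first == -1;
}

// Hardened shape: validate length and range before reading the value.
bool reduces_last_axis_checked(int rank, const std::vector<int>& axes) {
  if (rank <= 0 || axes.empty()) return false;       // nothing to match, skip the rewrite
  int first = axes.front();
  if (first < -rank || first >= rank) return false;  // malformed axis value
  if (first < 0) first += rank;                      // normalise a negative index
  return first == rank - 1;
}

int main() {
  const std::vector<int> empty_axes;        // constructed input: empty axis list
  const std::vector<int> last_axis = {-1};  // constructed input: well-formed axis
  std::printf("empty axes -> %d\n", reduces_last_axis_checked(4, empty_axes));
  std::printf("axis -1    -> %d\n", reduces_last_axis_checked(4, last_axis));
  // reduces_last_axis_unchecked(4, empty_axes) is deliberately never called.
  return 0;
}
```

The guarded version treats an empty or out-of-range axis list as "pattern does not apply", so a malformed model is left unoptimized instead of crashing the process.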

Affected Versions

All versions before 2.3.4, all versions starting from 2.4.0 before 2.4.3, version 2.5.0

Solution

Upgrade to versions 2.3.4, 2.4.3, 2.5.1 or above.

Last Modified

2022-06-19
