In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen.
In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input slot of the dst node (given by input_index). This is only possible if the types of the tensors on both sides coincide, so the function begins by …
In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is …
In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer.
TensorFlow has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc.
Google TensorFlow is affected by a Null Pointer Dereference vulnerability.
Google TensorFlow is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent.
Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow could cause a crash or read from other parts of process memory via a crafted configuration file.
Memcpy parameter overlap in Google Snappy library, as used in Google TensorFlow, could result in a crash or read from other parts of process memory.
Google TensorFlow is affected by a Null Pointer Dereference.
Google TensorFlow is affected by a Buffer Overflow which enables an attacker to run arbitrary code.