CVE-2020-15266: Improper Restriction of Operations within the Bounds of a Memory Buffer
In TensorFlow, when the boxes argument of tf.image.crop_and_resize has a very large value, the CPU kernel implementation receives it as a C++ NaN floating-point value. Attempting to operate on this value is undefined behavior, which later produces a segmentation fault.
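The failure mode described above, as an added example (not TensorFlow's kernel source and not part of the original advisory): a simplified C++ model of one crop-row sampling step that rejects non-finite box coordinates before the float-to-int cast, since converting NaN to an integer is undefined behavior. The names RowSample, sample_row and comparison_only_rejects are hypothetical.

```cpp
// Added illustration: a simplified model of one crop-row sampling step.
// It is NOT TensorFlow's kernel source; names and structure are hypothetical.
#include <cmath>
#include <cstdio>
#include <limits>

struct RowSample { int top; int bottom; float lerp; };

// A bounds test written only with comparisons. Every comparison against NaN
// is false, so NaN is reported as "in range" (returns false = not rejected).
bool comparison_only_rejects(float in_y, float max_row) {
    return in_y < 0.0f || in_y > max_row;
}

// Maps output row `y` of a crop to source rows using normalized box
// coordinates y1, y2. Returns false (and leaves *out untouched) when the
// box cannot be sampled safely.
bool sample_row(float y1, float y2, int image_height, int crop_height, int y,
                RowSample* out) {
    if (image_height < 1 || crop_height < 1 || y < 0 || y >= crop_height)
        return false;
    // Reject NaN/inf before any arithmetic.
    if (!std::isfinite(y1) || !std::isfinite(y2)) return false;
    const float max_row = static_cast<float>(image_height - 1);
    const float in_y =
        crop_height > 1
            ? y1 * max_row + static_cast<float>(y) * (y2 - y1) * max_row /
                                 static_cast<float>(crop_height - 1)
            : 0.5f * (y1 + y2) * max_row;
    // Finite but huge inputs can still overflow to inf, and inf - inf is NaN,
    // so test the computed coordinate for finiteness as well as range.
    if (!std::isfinite(in_y) || comparison_only_rejects(in_y, max_row))
        return false;
    // Safe: 0 <= in_y <= image_height - 1, so both casts fit in int.
    out->top = static_cast<int>(std::floor(in_y));
    out->bottom = static_cast<int>(std::ceil(in_y));
    out->lerp = in_y - std::floor(in_y);
    return true;
}

int main() {
    RowSample s{};
    const float qnan = std::numeric_limits<float>::quiet_NaN();
    std::printf("valid box: %d\n", sample_row(0.f, 1.f, 5, 3, 1, &s));
    std::printf("NaN box:   %d\n", sample_row(qnan, 1.f, 5, 3, 1, &s));
    std::printf("huge box:  %d\n", sample_row(3e38f, -3e38f, 5, 3, 1, &s));
    return 0;
}
```

The same finiteness check can be applied to the boxes tensor on the caller's side before it reaches tf.image.crop_and_resize.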