CVE-2020-26267: Out-of-bounds Read
In affected versions of TensorFlow, the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, reads outside of bounds, and even crashes.
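The missing check described above can be shown with a small model of the permute step. This is an added example, not TensorFlow's code: IsNhwcPermutation and PermuteVec are hypothetical names, and only the 4-element vector case is modelled.

```cpp
#include <array>
#include <cstdio>
#include <string>

// Constructed model of the attribute check; names here are hypothetical.
static const std::string kAxes = "NHWC";

// True only when fmt is exactly a reordering of the letters N, H, W, C.
bool IsNhwcPermutation(const std::string& fmt) {
  if (fmt.size() != kAxes.size()) return false;
  unsigned seen = 0;  // one bit per axis letter already encountered
  for (char c : fmt) {
    std::size_t pos = kAxes.find(c);
    if (pos == std::string::npos) return false;  // letter outside NHWC
    if (seen & (1u << pos)) return false;        // duplicated letter
    seen |= 1u << pos;
  }
  return seen == 0xFu;
}

// Reorders a 4-element vector from src_format order into dst_format order.
// Returns false and leaves *out untouched when either attribute is invalid,
// so no element is ever read through an unset or out-of-range index.
bool PermuteVec(const std::array<int, 4>& x, const std::string& src_format,
                const std::string& dst_format, std::array<int, 4>* out) {
  if (!IsNhwcPermutation(src_format) || !IsNhwcPermutation(dst_format))
    return false;
  std::array<int, 4> result{};
  for (std::size_t i = 0; i < result.size(); ++i) {
    // After validation find() always succeeds, so the index is in 0..3.
    result[i] = x[src_format.find(dst_format[i])];
  }
  *out = result;
  return true;
}

int main() {
  const std::array<int, 4> x = {1, 2, 3, 4};  // constructed sample input
  std::array<int, 4> out = {0, 0, 0, 0};
  const char* dsts[] = {"NCHW", "NQWC", "NNWC", "NHWCNHWC"};
  for (const char* dst : dsts) {
    if (PermuteVec(x, "NHWC", dst, &out))
      std::printf("%s -> %d %d %d %d\n", dst, out[0], out[1], out[2], out[3]);
    else
      std::printf("%s -> rejected\n", dst);
  }
  return 0;
}
```

Without the two validation calls, a dst_format letter that never appears in src_format would leave the lookup index unset or past the end of the input, which is the failure the advisory describes.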
Detect and mitigate CVE-2020-26267 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.