CVE-2020-15208: Out-of-bounds Write
In tensorflow-lite, when determining the common dimension size of two tensors, TFLite uses a DCHECK, which is a no-op outside debug compilation modes. Since the function always returns the dimension of the first tensor, an attacker can craft inputs in which this dimension is larger than that of the second tensor. In turn, this results in reads and writes outside bounds, since the interpreter wrongly assumes that there is enough data in both tensors.
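The pattern described above, reduced to a minimal stand-alone illustration (added example, not TensorFlow's or TFLite's code): a debug-only check that compiles out in release builds next to a hardened variant that compares the dimensions unconditionally and reports a mismatch to the caller. The `Shape`, `CommonDimUnsafe`, `CommonDimChecked` and `AddChecked` names and the `DEBUG_CHECKS` macro are simplified stand-ins chosen for this example.

```cpp
#include <cassert>
#include <cstdint>
#include <optional>
#include <vector>

// Minimal stand-in for a tensor shape: a list of dimension sizes.
struct Shape {
  std::vector<int> dims;
  int Dims(int i) const { return dims[i]; }
};

// Stand-in for a debug-only check: active only when DEBUG_CHECKS is
// defined and a no-op otherwise, mirroring how a DCHECK disappears
// in release builds.
#ifdef DEBUG_CHECKS
#define DEBUG_ONLY_CHECK_EQ(a, b) assert((a) == (b))
#else
#define DEBUG_ONLY_CHECK_EQ(a, b) ((void)0)
#endif

// Unsafe pattern: in a release build the check vanishes and the first
// tensor's size is returned whether or not the second tensor agrees.
int CommonDimUnsafe(const Shape& a, int ia, const Shape& b, int ib) {
  DEBUG_ONLY_CHECK_EQ(a.Dims(ia), b.Dims(ib));
  return a.Dims(ia);
}

// Hardened pattern: the comparison is unconditional and a mismatch is
// reported to the caller instead of being assumed away.
std::optional<int> CommonDimChecked(const Shape& a, int ia,
                                    const Shape& b, int ib) {
  if (a.Dims(ia) != b.Dims(ib)) return std::nullopt;
  return a.Dims(ia);
}

// Element-wise add that only runs when both shapes agree; returns false
// on mismatch so no index ever exceeds the smaller buffer.
bool AddChecked(const Shape& sa, const std::vector<int32_t>& a,
                const Shape& sb, const std::vector<int32_t>& b,
                std::vector<int32_t>& out) {
  std::optional<int> n = CommonDimChecked(sa, 0, sb, 0);
  if (!n) return false;
  out.resize(*n);
  for (int i = 0; i < *n; ++i) out[i] = a[i] + b[i];
  return true;
}
```

Compiled without `-DDEBUG_CHECKS`, `CommonDimUnsafe` happily returns 4 for a shape-4 and a shape-2 tensor, which is exactly the value a kernel would then use to index both buffers.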