CVE-2020-15214: Out-of-bounds Write
(updated )
In TensorFlow Lite, models using segment sum can trigger a segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the dimensionality of output tensor. This results in allocating insufficient memory for the output tensor and in an out-of-bounds-write to the output array.
References
Detect and mitigate CVE-2020-15214 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →