CVE-2021-29529: Off-by-one Error
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in `tf.raw_ops.QuantizedResizeBilinear` by manipulating input values so that float rounding results in an off-by-one error when accessing image elements. The implementation computes two integers (the lower and upper source indices used for interpolation) by flooring and ceiling a floating point coordinate `in`. For some values of `in`, `interpolation->upper[i]` can be smaller than `interpolation->lower[i]`: `interpolation->upper[i]` is capped at `in_size-1`, but `interpolation->lower[i]` is not, so once `in` rounds to `in_size` or beyond, `interpolation->lower[i]` points outside of the image. The interpolation code then indexes the image buffer with that value, which results in a heap buffer overflow.
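The arithmetic described above, reduced to a stand-alone example (added here; this is not TensorFlow's code). The source coordinate `in` is passed in directly, so the scaler that derives it from the output index and the resize scale is omitted, and the sample image row is constructed. `interp_before_fix` reproduces the floor/ceil computation with only `upper` capped; `interp_fixed` additionally clamps `lower` to `upper`, which is this example's mitigation rather than a statement of what the upstream patch changed. `lerp_row` shows the interpolation step with an explicit bounds check instead of the raw read.

```cpp
#include <algorithm>
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <vector>

// Indices and weight for one output pixel (mirrors the per-index fields
// of TensorFlow's interpolation cache as described in the advisory).
struct Interp {
    int64_t lower;
    int64_t upper;
    float lerp;
};

// Pre-fix arithmetic: lower is clamped at 0, upper is capped at in_size - 1,
// but nothing keeps lower <= upper. When in >= in_size, lower == in_size.
Interp interp_before_fix(float in, int64_t in_size) {
    const float in_f = std::floor(in);
    Interp r;
    r.lower = std::max(static_cast<int64_t>(in_f), static_cast<int64_t>(0));
    r.upper = std::min(static_cast<int64_t>(std::ceil(in)), in_size - 1);
    r.lerp = in - in_f;
    return r;
}

// Mitigated variant used by this example: clamp lower to the capped upper,
// so both indices stay inside [0, in_size - 1].
Interp interp_fixed(float in, int64_t in_size) {
    Interp r = interp_before_fix(in, in_size);
    r.lower = std::min(r.lower, r.upper);
    return r;
}

// True if both indices address a valid element of a row of in_size pixels.
bool indices_in_bounds(const Interp& r, int64_t in_size) {
    return r.lower >= 0 && r.lower < in_size &&
           r.upper >= 0 && r.upper < in_size &&
           r.lower <= r.upper;
}

// Bounds-checked linear interpolation over one image row. Returns false
// instead of reading out of bounds, which is where the unchecked kernel
// would read past the heap allocation.
bool lerp_row(const std::vector<float>& row, const Interp& r, float* out) {
    if (!indices_in_bounds(r, static_cast<int64_t>(row.size()))) return false;
    *out = row[r.lower] + (row[r.upper] - row[r.lower]) * r.lerp;
    return true;
}

int main() {
    const std::vector<float> row = {0.0f, 10.0f, 20.0f, 30.0f};  // constructed sample row
    const int64_t in_size = static_cast<int64_t>(row.size());
    // Constructed coordinate that has rounded up to exactly in_size.
    const float in = 4.0f;
    Interp bad = interp_before_fix(in, in_size);
    Interp ok = interp_fixed(in, in_size);
    float v = 0.0f;
    std::printf("before fix: lower=%lld upper=%lld in_bounds=%d\n",
                (long long)bad.lower, (long long)bad.upper, indices_in_bounds(bad, in_size));
    std::printf("fixed:      lower=%lld upper=%lld in_bounds=%d value=%g\n",
                (long long)ok.lower, (long long)ok.upper, lerp_row(row, ok, &v), v);
    return 0;
}
```

With `in = 4.0` and a four-pixel row, the pre-fix computation yields `lower = 4` and `upper = 3`, so `lower` is one past the end of the row; the clamped variant yields `lower = upper = 3`.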