CVE-2022-23584: Use after free in `DecodePng` kernel
(updated )
A malicious user can cause a use after free behavior when decoding PNG images:
if (/* ... error conditions ... */) {
png::CommonFreeDecode(&decode);
OP_REQUIRES(context, false,
errors::InvalidArgument("PNG size too large for int: ",
decode.width, " by ", decode.height));
}
After png::CommonFreeDecode(&decode)
gets called, the values of decode.width
and decode.height
are in an unspecified state.
References
- github.com/advisories/GHSA-24x4-6qmh-88qg
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-93.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-148.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/image/decode_image_op.cc
- github.com/tensorflow/tensorflow/commit/e746adbfcfee15e9cfdb391ff746c765b99bdf9b
- github.com/tensorflow/tensorflow/security/advisories/GHSA-24x4-6qmh-88qg
- nvd.nist.gov/vuln/detail/CVE-2022-23584
Detect and mitigate CVE-2022-23584 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →