We regularly publish security advisories about using TensorFlow.
Note: In conjunction with these security advisories, we strongly encourage TensorFlow users to read and understand TensorFlow's security model as outlined in SECURITY.md.
Advisory Number | Type | Versions affected | Reported by | Additional Information |
---|---|---|---|---|
TFSA-2023-020 | OOB Read in GRUBlockCellGrad | <= 2.12.0 | r3pwnx of 360 AIVul Team | |
TFSA-2023-019 | FPE in AvgPoolGrad with XLA | <= 2.12.0 | r3pwnx of 360 AIVul Team | |
TFSA-2023-018 | OOB read in DynamicStitch | <= 2.12.0 | Google OSS VRP | |
TFSA-2023-017 | NPE in QuantizedMatMulWithBiasAndDequantize | <= 2.12.0 | r3pwnx of 360 AIVul Team | |
TFSA-2023-016 | Seg fault in tf.raw_ops.Print | <= 2.12.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-2023-015 | Segmentation fault in tfg-translate | <= 2.12.0 | r3pwnx of 360 AIVul Team | |
TFSA-2023-014 | Integer overflow in EditDistance | <= 2.12.0 | r3pwnx of 360 AIVul Team | |
TFSA-2023-013 | FPE in TensorListSplit with XLA | <= 2.12.0 | r3pwnx of 360 AIVul Team | |
TFSA-2023-012 | NPE in TensorArrayConcatV2 | <= 2.12.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-2023-011 | FPE in TensorListSplit with XLA | <= 2.12.0 | r3pwnx of 360 AIVul Team | |
TFSA-2023-010 | Heap-buffer-overflow in AvgPoolGrad | <= 2.12.0 | evn@google.com | |
TFSA-2023-009 | NPE in RandomShuffle with XLA enable | <= 2.12.0 | r3pwnx of 360 AIVul Team | |
TFSA-2023-008 | FPE in AudioSpectrogram | <= 2.12.0 | r3pwnx of 360 AIVul Team | |
TFSA-2023-007 | Segfault in Bincount with XLA | <= 2.12.0 | r3pwnx of 360 AIVul Team | |
TFSA-2023-006 | NPE in SparseSparseMaximum | <= 2.12.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-2023-005 | Null dereference on ParallelConcat with XLA | <= 2.12.0 | r3pwnx of 360 AIVul Team | |
TFSA-2023-004 | Segfault when opening multiframe gif | <= 2.12.0 | Andrei | |
TFSA-2023-003 | Double free in Fractional(Max/Avg)Pool | <= 2.12.0 | https://github.com/dmc1778 of nimashiri2012@gmail.com | |
TFSA-2023-002 | A heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation | <= 2.12.0 | ||
TFSA-2023-001 | FPE in TFLite in conv kernel | <= 2.12.0 | Wang Xuan of Qihoo 360 AIVul Team | |
TFSA-2022-170 | CHECK fail in TensorListScatter and TensorListScatterV2 in eager mode | <= 2.11.0 | Pattarakrit Rattankul | |
TFSA-2022-169 | CHECK failure in SobolSample via missing validation | <= 2.11.0 | (multiple authors) | |
TFSA-2022-168 | Heap overflow in QuantizeAndDequantizeV2 | <= 2.11.0 | Reported via OSS VRP | |
TFSA-2022-167 | OOB write in grappler | <= 2.11.0 | (discovered internally) | |
TFSA-2022-166 | Invalid char to bool conversion when printing a tensor | <= 2.11.0 | (discovered internally) | |
TFSA-2022-165 | FractionalMaxPool and FractionalAvgPool heap out-of-buffer | <= 2.11.0 | Reported via OSS VRP | |
TFSA-2022-164 | CHECK_EQ fail via input in SparseMatrixNNZ | <= 2.11.0 | Kang Hong Jin | |
TFSA-2022-163 | Segfault in CompositeTensorVariantToComponents | <= 2.11.0 | pattarakritr@smu.edu.sg | |
TFSA-2022-162 | CHECK fail via inputs in PyFunc | <= 2.11.0 | pattarakritr@smu.edu.sg | |
TFSA-2022-161 | CHECK fail via inputs in SdcaOptimizer | <= 2.11.0 | Zizhuang Deng of IIE, UCAS | |
TFSA-2022-160 | CHECK fail via inputs in SparseFillEmptyRowsGrad | <= 2.11.0 | Jiawei Liu, PhD student at University of Illinois, Urbana-Champaign | |
TFSA-2022-159 | FractionalMaxPoolGrad Heap OOB | <= 2.11.0 | Yu Tian from Qihoo 360 AIVul Team | |
TFSA-2022-158 | tf.raw_ops.Mfcc crashes | <= 2.11.0 | Yu Tian from Qihoo 360 AIVul Team | |
TFSA-2022-157 | MirrorPadGrad heap oob | <= 2.11.0 | Yu Tian from Qihoo 360 AIVul Team | |
TFSA-2022-156 | Buffer overflow in CONV_3D_TRANSPOSE on TFLite | <= 2.11.0 | Thibaut Goetghebuer-Planchon, Arm Ltd. | |
TFSA-2022-155 | CHECK_EQ fail in tf.raw_ops.TensorListResize | <= 2.11.0 | Pattarakrit Rattankul | |
TFSA-2022-154 | Segfault in tf.raw_ops.TensorListConcat | <= 2.11.0 | Tong Liu, ShanghaiTech University | |
TFSA-2022-153 | CHECK fail in BCast overflow | <= 2.11.0 | Pattarakrit Rattankul | |
TFSA-2022-152 | Segfault via invalid attributes in pywrap_tfe_src.cc | <= 2.11.0 | Pattarakrit Rattankul | |
TFSA-2022-151 | FPE in tf.image.generate_bounding_box_proposals | <= 2.11.0 | Pattarakrit Rattankul | |
TFSA-2022-150 | Overflow in tf.keras.losses.poisson | >= 2.9.0, <= 2.11.0 | Pattarakrit Rattankul | |
TFSA-2022-149 | Overflow in ResizeNearestNeighborGrad | <= 2.11.0 | Neophytos Christou from the Secure Systems Lab (SSL) at Brown University | |
TFSA-2022-148 | Overflow in ImageProjectiveTransformV2 | <= 2.11.0 | Neophytos Christou from the Secure Systems Lab (SSL) at Brown University | |
TFSA-2022-147 | Overflow in FusedResizeAndPadConv2D | <= 2.11.0 | Neophytos Christou from the Secure Systems Lab (SSL) at Brown University | |
TFSA-2022-146 | Seg fault in ndarray_tensor_bridge due to zero and large input | <= 2.11.0 | Pattarakrit Rattanukul | |
TFSA-2022-145 | OOB seg fault in DynamicStitch due to missing validation | <= 2.11.0 | Zizhuang Deng of IIE, UCAS | |
TFSA-2022-144 | ThreadUnsafeUnigramCandidateSampler Heap OOB | <= 2.11.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-2022-143 | OOB read in Gather_nd op in TF Lite Micro | <= 2.10.0 | Hui Peng from Baidu Security | |
TFSA-2022-142 | CHECK -fail in tensorflow::full_type::SubstituteFromAttrs | <= 2.10.0 | (discovered internally) | |
TFSA-2022-141 | Integer overflow in math ops | <= 2.10.0 | (discovered internally) | |
TFSA-2022-140 | Null-dereference in mlir::tfg::TFOp::nameAttr | <= 2.10.0 | (discovered internally) | |
TFSA-2022-139 | Null-dereference in mlir::tfg::GraphDefImporter::ConvertNodeDef | <= 2.10.0 | (discovered internally) | |
TFSA-2022-138 | Assertion fail on MLIR empty edge names | <= 2.10.0 | (discovered internally) | |
TFSA-2022-137 | Null dereference on MLIR on empty function attributes | <= 2.10.0 | (discovered internally) | |
TFSA-2022-136 | CHECK fail in Eig | <= 2.10.0 | 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology | |
TFSA-2022-135 | CHECK fail in DrawBoundingBoxes | <= 2.10.0 | 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology | |
TFSA-2022-134 | CHECK fail in Unbatch | <= 2.10.0 | 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology | |
TFSA-2022-133 | CHECK fail in RandomPoissonV2 | <= 2.10.0 | 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology | |
TFSA-2022-132 | CHECK fail in tf.random.gamma | <= 2.10.0 | 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology | |
TFSA-2022-131 | CHECK fail in FakeQuantWithMinMaxVarsGradient | <= 2.10.0 | (multiple authors) | |
TFSA-2022-130 | CHECK fail in FakeQuantWithMinMaxVarsPerChannelGradient | <= 2.10.0 | (multiple authors) | |
TFSA-2022-129 | CHECK fail in TensorListScatter and TensorListScatterV2 | <= 2.10.0 | 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology | |
TFSA-2022-128 | CHECK fail in TensorListFromTensor | <= 2.10.0 | 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology | |
TFSA-2022-127 | CHECK fail in SetSize | <= 2.10.0 | 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology | |
TFSA-2022-126 | CHECK fail in CollectiveGather | <= 2.10.0 | 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology | |
TFSA-2022-125 | CHECK fail in AudioSummaryV2 | <= 2.10.0 | 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology | |
TFSA-2022-124 | Floating point exception in Conv2D | <= 2.10.0 | Jingyi Shi | |
TFSA-2022-123 | CHECK fail in tf.sparse.cross | <= 2.10.0 | Kang Hong Jin | |
TFSA-2022-122 | CHECK fail in EmptyTensorList | <= 2.10.0 | Kang Hong Jin | |
TFSA-2022-121 | CHECK fail in Conv2DBackpropInput | <= 2.10.0 | Jingyi Shi | |
TFSA-2022-120 | CHECK fail in MaxPool | <= 2.10.0 | Jingyi Shi | |
TFSA-2022-119 | CHECK fail in tf.linalg.matrix_rank | <= 2.10.0 | Kang Hong Jin | |
TFSA-2022-118 | CHECK fail in DenseBincount | <= 2.10.0 | Di Jin, Secure Systems Labs, Brown University | |
TFSA-2022-117 | Segfault in RaggedBincount | <= 2.10.0 | Di Jin, Secure Systems Labs, Brown University | |
TFSA-2022-116 | CHECK fail in LRNGrad | <= 2.10.0 | Di Jin, Secure Systems Labs, Brown University | |
TFSA-2022-115 | CHECK fail in ParameterizedTruncatedNormal | <= 2.10.0 | Di Jin, Secure Systems Labs, Brown University | |
TFSA-2022-114 | CHECK fail in Save and SaveSlices | <= 2.10.0 | Di Jin, Secure Systems Labs, Brown University | |
TFSA-2022-113 | Segfault in SparseBincount | <= 2.10.0 | Di Jin, Secure Systems Labs, Brown University | |
TFSA-2022-112 | CHECK fail in QuantizeAndDequantizeV3 | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-111 | CHECK fail in RaggedTensorToVariant | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-110 | CHECK fail in FractionalMaxPoolGrad | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-109 | Segfault in QuantizedRelu and QuantizedRelu6 | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-108 | Segfault in QuantizeDownAndShrinkRange | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-107 | Segfault in QuantizedMatMul | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-106 | CHECK fail in FakeQuantWithMinMaxVarsPerChannel | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-105 | Segfault in QuantizedBiasAdd | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-104 | Segfault in Requantize | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-103 | CHECK fail in FakeQuantWithMinMaxVars | <= 2.10.0 | (multiple authors) | |
TFSA-2022-102 | Segfault in QuantizedInstanceNorm | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-101 | CHECK fail in Conv2DBackpropInput | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-100 | CHECK fail in AvgPoolGrad | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-099 | Segfault in QuantizedAdd | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-098 | Segfault in QuantizedAvgPool | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-097 | Segfault in LowerBound and UpperBound | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-096 | Segfault in BlockLSTMGradV2 | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-095 | CHECK failures in FractionalAvgPoolGrad | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-094 | CHECK failures in AvgPool3DGrad | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-093 | Segfault TFLite converter on per-channel quantized transposed convolutions | <= 2.10.0 | (Reported on GitHub) | issue |
TFSA-2022-092 | CHECK failures in UnbatchGradOp | <= 2.10.0 | (multiple authors) | |
TFSA-2022-091 | CHECK failure in AvgPoolOp | <= 2.10.0 | Jingyi Shi | |
TFSA-2022-090 | Int overflow in RaggedRangeOp | <= 2.10.0 | Jingyi Shi | |
TFSA-2022-089 | OOB write in Scatter_nd op in TF Lite | <= 2.10.0 | Hui Peng from Baidu Security | |
TFSA-2022-088 | CHECK failure in TensorListReserve via missing validation | <= 2.10.0 | Kang Hong Jin from Singapore Management University | |
TFSA-2022-087 | OOB read in Gather_nd op in TF Lite | <= 2.10.0 | Hui Peng from Baidu Security | |
TFSA-2022-086 | CHECK failure in SobolSample via missing validation | <= 2.10.0 | (multiple authors) | |
TFSA-2022-085 | CHECK failure in tf.reshape via overflows | <= 2.10.0 | Kang Hong Jin from Singapore Management University | |
TFSA-2022-084 | Heap buffer overflow due to incorrect hash function | == 2.8.0 | (discovered internally) | |
TFSA-2022-083 | Type confusion leading to CHECK -failure based denial of service | < 2.9.0 | (Reported on GitHub) | issue |
TFSA-2022-082 | Incomplete validation in signal ops leads to crashes | < 2.9.0 | (Reported on GitHub) | issue |
TFSA-2022-081 | Core dump when loading TFLite models with quantization | < 2.9.0 | (Reported on GitHub) | issue |
TFSA-2022-080 | Segfault if tf.histogram_fixed_width is called with NaN values | < 2.9.0 | (Reported on GitHub) | issue |
TFSA-2022-079 | Denial of service in tf.ragged.constant due to lack of validation | < 2.9.0 | (Reported on GitHub) | issue |
TFSA-2022-078 | Missing validation causes denial of service via Conv3DBackpropFilterV2 | < 2.9.0 | (Reported on GitHub) | issue |
TFSA-2022-077 | Segfault and OOB write due to incomplete validation in EditDistance | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-076 | Integer overflow in SpaceToBatchND | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-075 | Missing validation results in undefined behavior in QuantizedConv2D | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-074 | Missing validation results in undefined behavior in SparseTensorDenseAdd | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-073 | Segfault due to missing support for quantized types | < 2.9.0 | Hong Jin, Singapore Management University | |
TFSA-2022-072 | Undefined behavior when users supply invalid resource handles | < 2.9.0 | Hong Jin, Singapore Management University | |
TFSA-2022-071 | CHECK failure in depthwise ops via overflows | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-070 | Missing validation causes denial of service via Conv3DBackpropFilterV2 | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-069 | Missing validation causes denial of service via LSTMBlockCell | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-068 | Missing validation causes denial of service via SparseTensorToCSRSparseMatrix | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-067 | Missing validation causes denial of service via LoadAndRemapMatrix | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-066 | Missing validation causes denial of service via UnsortedSegmentJoin | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-065 | Missing validation causes denial of service via StagePeek | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-064 | Missing validation causes denial of service via GetSessionTensor | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-063 | Missing validation causes denial of service via DeleteSessionTensor | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-062 | Missing validation crashes QuantizeAndDequantizeV4Grad | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-061 | Missing validation causes TensorSummaryV2 to crash | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University and Hong Jin, Singapore Management University | |
TFSA-2022-060 | Code injection in saved_model_cli | < 2.9.0 | Andey Robins, Cybersecurity Education and Research Lab, University of Wyoming | |
TFSA-2022-059 | Null pointer dereference in BuildXlaCompilationCache (XLA) | < 2.8.0 | (discovered internally) | |
TFSA-2022-058 | Segfault in simplifyBroadcast (MLIR) | == 2.8.0 | (discovered internally) | |
TFSA-2022-057 | Multiple crashes, heap OOB accesses in TFG dialect (MLIR) | >= 2.7.0, < 2.8.0 | (discovered internally) | |
TFSA-2022-056 | Crash due to erroneous StatusOr | >= 2.7.0, < 2.8.0 | (discovered internally) | |
TFSA-2022-055 | Heap OOB access in RunForwardTypeInference | == 2.8.0 | (discovered internally) | |
TFSA-2022-054 | Stack overflow due to self-recursive function in GraphDef | < 2.8.0 | (discovered internally) | |
TFSA-2022-053 | CHECK failure in constant folding | < 2.8.0 | (discovered internally) | |
TFSA-2022-052 | Null pointer dereference in Grappler's IsConstant | < 2.8.0 | (discovered internally) | |
TFSA-2022-051 | Integer overflow in Grappler cost estimation of crop and resize operation | < 2.8.0 | (discovered internally) | |
TFSA-2022-050 | CHECK -fails due to attempting to build a reference tensor | < 2.8.0 | (discovered internally) | |
TFSA-2022-049 | Multiple CHECK -fails in function.cc | < 2.8.0 | (discovered internally) | |
TFSA-2022-048 | Memory leak in decoding PNG images | < 2.8.0 | (discovered internally) | |
TFSA-2022-047 | Use after free in DecodePng kernel | < 2.8.0 | (discovered internally) | |
TFSA-2022-046 | CHECK -failures in binary ops due to type confusion | < 2.8.0 | (discovered internally) | |
TFSA-2022-045 | CHECK -failures in TensorByteSize | < 2.8.0 | (discovered internally) | |
TFSA-2022-044 | CHECK -failures during Grappler's SafeToRemoveIdentity | < 2.8.0 | (discovered internally) | |
TFSA-2022-043 | CHECK -failures during Grappler's IsSimplifiableReshape | < 2.8.0 | (discovered internally) | |
TFSA-2022-042 | Abort caused by allocating a vector that is too large | < 2.8.0 | (discovered internally) | |
TFSA-2022-041 | Memory leak when a graph node is invalid | < 2.8.0 | (discovered internally) | |
TFSA-2022-040 | Null dereference in GetInitOp | < 2.8.0 | (discovered internally) | |
TFSA-2022-039 | Integer overflow in OpLevelCostEstimator::CalculateOutputSize | < 2.8.0 | (discovered internally) | |
TFSA-2022-038 | Integer overflow in OpLevelCostEstimator::CalculateTensorSize | < 2.8.0 | (discovered internally) | |
TFSA-2022-037 | Unitialized variable access in AssignOp | < 2.8.0 | (discovered internally) | |
TFSA-2022-036 | Heap OOB read/write in SpecializeType | >= 2.6.0, < 2.8.0 | (discovered internally) | |
TFSA-2022-035 | Crash when type cannot be specialized | >= 2.6.0, < 2.8.0 | (discovered internally) | |
TFSA-2022-034 | Null-dereference when specializing tensor type | >= 2.6.0, < 2.8.0 | (discovered internally) | |
TFSA-2022-033 | CHECK -fail when decoding invalid tensors from proto | < 2.8.0 | (discovered internally) | |
TFSA-2022-032 | Heap OOB write in Grappler | < 2.8.0 | (discovered internally) | |
TFSA-2022-031 | CHECK -fail with repeated AttrDef | < 2.8.0 | (discovered internally) | |
TFSA-2022-030 | CHECK -fail when decoding resource handles from proto | < 2.8.0 | (discovered internally) | |
TFSA-2022-029 | Missing validation causes tf.sparse.split to crash when axis is a tuple | < 2.8.0 | (Reported on GitHub) | issue |
TFSA-2022-028 | Integer overflow in Range resulting in undefined behavior and OOM | < 2.8.0 | (Reported on GitHub) | issue |
TFSA-2022-027 | Insecure temporary file | < 2.8.0 | Srikanth Prathi on huntr.dev, internal variant analysis for more fixes | |
TFSA-2022-026 | Read and Write outside of bounds in TFLite | < 2.8.0 | Wang Xuan of Qihoo 360 AIVul Team | |
TFSA-2022-025 | Dangerous OOB write in TFLite | < 2.8.0 | Wang Xuan of Qihoo 360 AIVul Team | |
TFSA-2022-024 | Integer overflow in TFLite | < 2.8.0 | Wang Xuan of Qihoo 360 AIVul Team | |
TFSA-2022-023 | Integer overflow in TFLite array creation | < 2.8.0 | Wang Xuan of Qihoo 360 AIVul Team | |
TFSA-2022-022 | FPE in depthwise convolutions in TFLite | < 2.8.0 | Wang Xuan of Qihoo 360 AIVul Team | |
TFSA-2022-021 | FPE in BiasAndClamp in TFLite | < 2.8.0 | Wang Xuan of Qihoo 360 AIVul Team | |
TFSA-2022-020 | Heap overflow in SparseCountSparseOutput | < 2.8.0 | Faysal Hossain Shezan from University of Virginia | |
TFSA-2022-019 | Integer overflow leading to crash in SparseCountSparseOutput | < 2.8.0 | Faysal Hossain Shezan from University of Virginia | |
TFSA-2022-018 | Reference binding to null pointer in QuantizedMaxPool | < 2.8.0 | Faysal Hossain Shezan from University of Virginia | |
TFSA-2022-017 | Assertion failure based denial of service via faulty bin count operations | < 2.8.0 | Faysal Hossain Shezan from University of Virginia | |
TFSA-2022-016 | Undefined behavior in SparseTensorSliceDataset | < 2.8.0 | Faysal Hossain Shezan from University of Virginia | |
TFSA-2022-015 | CHECK -fails when building invalid/overflowing tensor shapes | < 2.8.0 | Faysal Hossain Shezan from University of Virginia | |
TFSA-2022-014 | Division by zero in FractionalMaxPool | < 2.8.0 | Faysal Hossain Shezan from University of Virginia | |
TFSA-2022-013 | CHECK -failures in MapStage | < 2.8.0 | Faysal Hossain Shezan from University of Virginia | |
TFSA-2022-012 | Integer overflows in AddManySparseToTensorsMap | < 2.8.0 | Faysal Hossain Shezan from University of Virginia | |
TFSA-2022-011 | Integer overflows in most sparse component-wise ops | < 2.8.0 | Faysal Hossain Shezan from University of Virginia | |
TFSA-2022-010 | More incomplete validation in boosted trees code | < 2.8.0 | Yu Tian of Qihoo 360 AIVul Team, Faysal Hossain Shezan from University of Virginia | |
TFSA-2022-009 | OOM due to integer overflow in StringNGrams | < 2.8.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-2022-008 | OOM in ThreadPoolHandle | < 2.8.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-2022-007 | Type confusion in shape inference for ConcatV2 | < 2.8.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-2022-006 | Overflow and divide by zero in UnravelIndex | < 2.8.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-2022-005 | Heap OOB access in FractionalAvgPoolGrad | < 2.8.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-2022-004 | Integer overflow in shape inference for Dequantize | < 2.8.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-2022-003 | Heap OOB access in Dequantize | < 2.8.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-2022-002 | Heap OOB read in shape inference for ReverseSequence | < 2.8.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-2022-001 | Floating point division by 0 when executing convolution operators | < 2.8.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-2021-200 | Crash in tf.math.segment_* operations | < 2.7.0 | (Reported on GitHub) | issue |
TFSA-2021-199 | Crash in max_pool3d when size argument is 0 or negative | < 2.7.0 | (Reported on GitHub) | issue |
TFSA-2021-198 | Crashes due to overflow and CHECK -fail in ops with large tensor shapes | < 2.7.0 | (Reported on GitHub) | issue, issue, issue |
TFSA-2021-197 | Incomplete validation in tf.summary.create_file_writer | < 2.7.0 | (Reported on GitHub) | issue |
TFSA-2021-196 | Overflow/crash in tf.tile when tiling tensor is large | < 2.7.0 | (Reported on GitHub) | issue |
TFSA-2021-195 | Overflow/crash in tf.image.resize when size is large | < 2.7.0 | (Reported on GitHub) | issue |
TFSA-2021-194 | Overflow/crash in tf.range | < 2.7.0 | (Reported on GitHub) | issue, issue, issue |
TFSA-2021-193 | Missing validation during checkpoint loading | < 2.7.0 | (discovered internally) | |
TFSA-2021-192 | Uninitialized access in EinsumHelper::ParseEquation | < 2.7.0 | (discovered internally) | |
TFSA-2021-191 | Segfault while copying constant resource tensor | < 2.7.0 | (discovered internally) | |
TFSA-2021-190 | Incomplete validation of shapes in multiple TF ops | < 2.7.0 | (discovered internally) | |
TFSA-2021-189 | Incomplete validation in boosted trees code | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-188 | Heap OOB read in tf.raw_ops.SparseCountSparseOutput | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-187 | FPE in convolutions with zero size filters | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-186 | FPE in ParallelConcat | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-185 | Heap OOB read in all tf.raw_ops.QuantizeAndDequantizeV* ops | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-184 | Heap OOB in shape inference for QuantizeV2 | >= 2.6.0, < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-183 | Heap OOB read in tf.ragged.cross | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-182 | Reference binding to nullptr in tf.ragged.cross | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-181 | Null pointer exception in DeserializeSparse | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-180 | Deadlock in mutually recursive tf.function objects | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-179 | Heap buffer overflow in Transpose | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-178 | Undefined behavior via nullptr reference binding in sparse matrix multiplication | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-177 | Use after free / memory leak in CollectiveReduceV2 | >= 2.6.0, < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-176 | Integer division by 0 in tf.raw_ops.AllToAll | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-175 | Null pointer exception when Exit node is not preceded by Enter op | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-174 | Access to invalid memory during shape inference in Cudnn* ops | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-173 | Segfault due to negative splits in SplitV | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-172 | SparseFillEmptyRows heap OOB | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-171 | Heap OOB in SparseBinCount | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-170 | Arbitrary memory read in ImmutableConst | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-169 | Heap OOB in FusedBatchNorm kernels | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-168 | A use of uninitialized value vulnerability in Tensorflow | < 2.7.0 | Qian Feng from Baidu Security Team | |
TFSA-2021-167 | Code injection in saved_model_cli | < 2.7.0 | Omer Kaspi from Vdoo | |
TFSA-2021-166 | Use after free and segfault in shape inference functions | < 2.6.0 | (discovered internally) | |
TFSA-2021-165 | Segfault on strings tensors with mismatched dimensions, due to Go code | >=2.5.0, < 2.6.0 | (Reported on GitHub) | PR |
TFSA-2021-164 | FPE in LSH in TFLite | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-163 | Null pointer dereference in TFLite MLIR optimizations | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-162 | Null pointer dereference in TFLite | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-161 | Heap OOB in TFLite's Gather* implementations | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-160 | Heap OOB in TFLite | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-159 | Infinite loop in TFLite | == 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-158 | FPE in TFLite pooling operations | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-157 | FPE in TFLite division operations | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-156 | Use of unitialized value in TFLite | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-155 | NPE in TFLite | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-154 | Division by zero in TFLite | < 2.6.0 | Aivul Team from Qihoo 360, Yakun Zhang of Baidu Security | |
TFSA-2021-153 | Heap OOB in nested tf.map_fn with RaggedTensor s | < 2.6.0 | Haris Sahovic | |
TFSA-2021-152 | Arbitrary code execution due to YAML deserialization | < 2.6.0 | Arjun Shibu | |
TFSA-2021-151 | Missing validation in shape inference for Dequantize | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-150 | Division by 0 in most convolution operators | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-149 | Reference binding to nullptr in shape inference | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-148 | Incomplete validation in MaxPoolGrad | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-147 | CHECK -fail in MapStage | < 2.6.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-146 | Heap OOB in SdcaOptimizerV2 | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-145 | Reference binding to nullptr in map operations | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-144 | Heap OOB in UpperBound and LowerBound | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-143 | Crash in NMS ops caused by integer conversion to unsigned | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-142 | FPE in tf.raw_ops.UnravelIndex | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-141 | Reference binding to nullptr in unicode encoding | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-140 | Reference binding to nullptr in RaggedTensorToVariant | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-139 | Incomplete validation in MKL requantization | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-138 | Incomplete validation in QuantizeV2 | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-137 | Heap OOB in boosted trees | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-136 | Reference binding to nullptr in boosted trees | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-135 | Crash caused by integer conversion to unsigned | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-134 | Division by 0 in inplace operations | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-133 | Reference binding to nullptr and heap OOB in binary cwise ops | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-132 | Reference binding to nullptr in MatrixSetDiagV* ops | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-131 | Reference binding to nullptr in MatrixDiagV* ops | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-130 | Reference binding to nullptr in RaggedTensorToSparse | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-129 | Heap OOB in ResourceScatterUpdate | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-128 | Heap OOB and CHECK fail in ResourceGather | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-127 | Division by 0 in ResourceGather | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-126 | Use after free in boosted trees creation | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-125 | Heap buffer overflow in FractionalAvgPoolGrad | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-124 | Segfault and heap buffer overflow in {Experimental,}DatasetToTFRecord | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-123 | Null pointer dereference in UncompressElement | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-122 | Incorrect validation of SaveV2 inputs | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-121 | Null pointer dereference in SparseTensorSliceDataset | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-120 | Bad alloc in StringNGrams caused by integer conversion | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-119 | Integer overflow due to conversion to unsigned | >=2.4.0, < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-118 | Null pointer dereference in MatrixDiagPartOp | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-117 | std::abort raised from TensorListReserve | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-116 | Heap OOB in RaggedGather | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-115 | Division by 0 in ResourceScatterDiv | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-114 | Integer division by 0 in sparse reshaping | >=2.5.0, < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-113 | Null pointer dereference and heap OOB read in operations restoring tensors | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-112 | Null pointer dereference in RaggedTensorToTensor | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-111 | Null pointer dereference in CompressElement | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-110 | Floating point exception in SparseDenseCwiseDiv | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-109 | Heap out of bounds access in sparse reduction operations | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-108 | Segfault in tf.raw_ops.ImmutableConst | < 2.5.0 | (discovered internally) | |
TFSA-2021-107 | Segfault in tf.raw_ops.SparseCountSparseOutput | < 2.5.0 | (discovered internally) | |
TFSA-2021-106 | Crash in tf.strings.substr due to CHECK -fail | < 2.5.0 | (Reported on GitHub) | issue report |
TFSA-2021-105 | Crash in tf.transpose with complex inputs | < 2.5.0 | (Reported on GitHub) | issue report |
TFSA-2021-104 | Null dereference in Grappler's TrySimplify | < 2.5.0 | (discovered internally) | |
TFSA-2021-103 | Stack overflow in ParseAttrValue with nested tensors | < 2.5.0 | (discovered internally) | |
TFSA-2021-102 | Interpreter crash from tf.io.decode_raw | < 2.5.0 | (discovered internally) | |
TFSA-2021-101 | Incomplete validation in tf.raw_ops.CTCLoss | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-100 | Heap buffer overflow in BandedTriangularSolve | < 2.5.0 | Ye Zhang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-099 | Invalid validation in QuantizeAndDequantizeV2 | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-098 | Incomplete validation in SparseReshape | >=2.3.0, < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-097 | Incomplete validation in SparseSparseMinimum | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-096 | Incomplete validation in SparseAdd | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-095 | Heap OOB and null pointer dereference in RaggedTensorToTensor | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-094 | Heap OOB read in TFLite | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-093 | Heap OOB write in TFLite | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-092 | Integer overflow in TFLite memory allocation | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-091 | Integer overflow in TFLite concatenation | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-090 | Division by zero in TFLite's implementation of hashtable lookup | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-089 | Division by zero in TFLite's implementation of DepthwiseConv | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-088 | Division by zero in TFLite's implementation of OneHot | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-087 | Division by zero in TFLite's implementation of Split | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-086 | Division by zero in TFLite's implementation of SVDF | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-085 | Division by zero in TFLite's implementation of SpaceToBatchNd | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-084 | Division by zero in TFLite's implementation of BatchToSpaceNd | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-083 | Division by zero in TFLite's implementation of EmbeddingLookup | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-082 | Division by zero in TFLite's convolution code | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-081 | Division by zero in TFLite's implementation of DepthToSpace | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-080 | Stack overflow due to looping TFLite subgraph | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-079 | Null pointer dereference in TFLite's Reshape operator | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-078 | Heap OOB read in TFLite's implementation of Minimum or Maximum | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-077 | Division by zero in TFLite's implementation of TransposeConv | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-076 | Division by zero in TFLite's implementation of GatherNd | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-075 | Division by zero in TFLite's implementation of SpaceToDepth | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-074 | Division by zero in optimized pooling implementations in TFLite | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-073 | Division by zero in padding computation in TFLite | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-072 | Heap buffer overflow and undefined behavior in FusedBatchNorm | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-071 | CHECK -fail due to integer overflow | < 2.5.0 | University of Virginia and University of California, Santa Barbara | |
TFSA-2021-070 | Heap OOB read in tf.raw_ops.Dequantize | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-069 | Segfault in CTCBeamSearchDecoder | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-068 | Heap buffer overflow in MaxPoolGrad | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-067 | Heap buffer overflow in FractionalAvgPoolGrad | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-066 | Undefined behavior and CHECK -fail in FractionalMaxPoolGrad | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-065 | Heap buffer overflow in AvgPool3DGrad | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-064 | Heap buffer overflow in MaxPool3DGradGrad | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-063 | Undefined behavior in MaxPool3DGradGrad | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-062 | Division by 0 in MaxPoolGradWithArgmax | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-061 | Overflow/denial of service in tf.raw_ops.ReverseSequence | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-060 | Reference binding to nullptr in SdcaOptimizer | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-059 | Memory corruption in DrawBoundingBoxesV2 | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-058 | Heap out of bounds read in RequantizationRange | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-057 | Heap out of bounds read in MaxPoolGradWithArgmax | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-056 | Lack of validation in SparseDenseCwiseMul | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-055 | Reference binding to null in ParameterizedTruncatedNormal | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-054 | Heap OOB access in Dilation2DBackpropInput | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-053 | Null pointer dereference in SparseFillEmptyRows | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-052 | Null pointer dereference in EditDistance | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-051 | CHECK -fail in tf.raw_ops.RFFT | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-050 | CHECK -fail in tf.raw_ops.IRFFT | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-049 | CHECK -fail in LoadAndRemapMatrix | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-048 | Heap buffer overflow in RaggedTensorToTensor | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-047 | Heap OOB access in unicode ops | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-046 | Heap buffer overflow in SparseSplit | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-045 | Division by 0 in Reverse | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-044 | Division by 0 in SparseMatMul | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-043 | Division by 0 in FusedBatchNorm | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-042 | Division by 0 in DenseCountSparseOutput | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-041 | CHECK -failure in UnsortedSegmentJoin | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-040 | Heap OOB in QuantizeAndDequantizeV3 | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-039 | OOB read in MatrixTriangularSolve | < 2.5.0 | Ye Zhang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-038 | Division by 0 in FractionalAvgPool | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-037 | Division by 0 in QuantizedAdd | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-036 | Division by 0 in QuantizedBatchNormWithGlobalNormalization | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-035 | Heap out of bounds in QuantizedBatchNormWithGlobalNormalization | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-034 | Division by 0 in QuantizedBiasAdd | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-033 | Heap buffer overflow in SparseTensorToCSRSparseMatrix | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-032 | CHECK -fail in CTCGreedyDecoder | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-031 | CHECK -fail in QuantizeAndDequantizeV4Grad | >= 2.4.0, < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-030 | Null pointer dereference in StringNGrams | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-029 | Heap buffer overflow StringNGrams | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-028 | Heap buffer overflow Conv2DBackpropFilter | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-027 | Division by zero in Conv2DBackpropFilter | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-026 | Heap buffer overflow in QuantizedReshape | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-025 | Heap buffer overflow in QuantizedResizeBilinear | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-024 | CHECK -fail in SparseConcat | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-023 | Heap buffer overflow in QuantizedMul | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-022 | CHECK -fail in DrawBoundingBoxes | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-021 | Heap out of bounds read in RaggedCross | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-020 | CHECK -fail in tf.raw_ops.EncodePng | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-019 | Heap buffer overflow caused by rounding | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-018 | Invalid validation in SparseMatrixSparseCholesky | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-017 | Division by 0 in QuantizedMul | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-016 | Division by 0 in QuantizedConv2D | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-015 | Division by 0 in Conv2D | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-014 | Division by 0 in Conv2DBackpropInput | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-013 | Division by 0 in Conv2DBackpropFilter | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-012 | CHECK -fail in AddManySparseToTensorsMap | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-011 | Division by 0 in Conv3DBackprop* | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-010 | Heap buffer overflow in Conv3DBackprop* | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-009 | Segfault in SparseCountSparseOutput | >= 2.3.0, < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-008 | CHECK -fail in SparseCross due to type confusion | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-007 | Session operations in eager mode lead to null pointer dereferences | >= 2.0.0, < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-006 | Division by zero in Conv3D | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-005 | Null pointer dereference via invalid Ragged Tensors | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-004 | Reference binding to null pointer in MatrixDiag* ops | < 2.5.0 | Ye Zhang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-003 | Type confusion during tensor casts lead to dereferencing null pointers | < 2.5.0 | Aivul Team from Qihoo 360; Ye Zhang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-002 | Heap out of bounds write in RaggedBinCount | >= 2.3.0, < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-001 | Heap buffer overflow in RaggedBinCount | >= 2.3.0, < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-034 | Heap out of bounds access in MakeEdge | >= 1.15.0, <= 2.3.0 | (discovered internally) | |
TFSA-2020-033 | CHECK-fail in LSTM with zero-length input | >= 1.15.0, <= 2.3.0 | (discovered internally) | |
TFSA-2020-032 | Heap out of bounds read in filesystem glob matching | 2.4.0-rc{0,1,2,3} | Aivul Team from Qihoo 360 | |
TFSA-2020-031 | Write to immutable memory region | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-030 | Lack of validation in data format attributes | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-029 | Uninitialized memory access in Eigen types | >= 1.15.0, <= 2.3.0 | (discovered internally) | |
TFSA-2020-028 | Float cast overflow undefined behavior | <= 2.3 | (Reported on GitHub) | issue report |
TFSA-2020-027 | Segfault in tf.quantization.quantize_and_dequantize | <= 2.3 | (Reported on GitHub) | issue report |
TFSA-2020-026 | Segfault in tf.raw_ops.Switch in eager mode | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-025 | Undefined behavior in dlpack.to_dlpack | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-024 | Memory leak in dlpack.to_dlpack | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-023 | Memory corruption in dlpack.to_dlpack | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-022 | Crash due to invalid shape of grad_values in SparseFillEmptyRowsGrad | >= 1.15.0, <= 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-021 | Heap buffer overflow in SparseFillEmptyRowsGrad | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-020 | Heap buffer overflow in weighted sparse count ops | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-019 | Crash due to invalid splits in SparseCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-018 | Heap buffer overflow due to invalid indices in SparseCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-017 | Abort due to invalid splits in RaggedCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-016 | Segfault due to invalid splits in RaggedCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-015 | Heap buffer overflow due to invalid splits in RaggedCountSparseOutput | 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-014 | Integer truncation in Shard API usage | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-013 | Format-string vulnerability in TensorFlow's as_string | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-012 | Segfault by calling session-only ops in eager mode | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-011 | Data leak in tf.raw_ops.StringNGrams | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-010 | Incomplete validation in TensorFlow‘s SavedModel’s constant nodes causes segfaults | >= 1.15.0, <= 2.3.0 | Shuaike Dong, Alipay Tian Qian Security Lab | issue report |
TFSA-2020-009 | Segfault and data corruption caused by negative indexing in TFLite | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-008 | Data corruption due to dimension mismatch in TFLite | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-007 | Null pointer dereference in TFLite | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360, variant analysis | |
TFSA-2020-006 | Segmentation fault and/or data corruption due to invalid TFLite model | >= 1.15.0, <= 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-005 | Out of bounds access in TFLite operators | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-004 | Out of bounds access in TFLite implementation of segment sum | 2.2.0, 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-003 | Denial of service from TFLite implementation of segment sum | 2.2.0, 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-002 | Out of bounds write in TFLite implementation of segment sum | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-001 | Segmentation fault when converting a Python string to tf.float16 | >= 1.12.0, <= 2.1 | (found internally) | |
TFSA-2019-002 | Heap buffer overflow in UnsortedSegmentSum | <= 1.14 | (found internally) | |
TFSA-2019-001 | Null Pointer Dereference Error in Decoding GIF Files | <= 1.12 | Baidu Security Lab | |
TFSA-2018-006 | Crafted Configuration File results in Invalid Memory Access | <= 1.7 | Blade Team of Tencent | |
TFSA-2018-005 | Old Snappy Library Usage Resulting in Memcpy Parameter Overlap | <= 1.7 | Blade Team of Tencent | |
TFSA-2018-004 | Checkpoint Meta File Out-of-Bounds Read | <= 1.7 | Blade Team of Tencent | |
TFSA-2018-003 | TensorFlow Lite TOCO FlatBuffer Parsing Vulnerability | <= 1.7 | Blade Team of Tencent | |
TFSA-2018-002 | GIF File Parsing Null Pointer Dereference Error | <= 1.5 | Blade Team of Tencent | |
TFSA-2018-001 | BMP File Parser Out-of-bounds Read | <= 1.6 | Blade Team of Tencent | |
- | Out Of Bounds Read | <= 1.4 | Blade Team of Tencent | issue report |