CVE-2020-15208: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK`…

CVE-2020-15208 [HIGH] CVE-2020-15208: tensorflow - In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when d... In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue is patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. Scope: local forky: resolved sid: resolved

CVE-2020-15208 [HIGH] Data corruption in tensorflow-lite Data corruption in tensorflow-lite ### Impact When determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/internal/types.h#L437-L442 Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. ### Patches We have patched the issue in 8ee24e7949a20 and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.

CVE-2020-15208 CVE-2020-15208: In tensorflow-lite before versions 1 In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue is patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

CVE-2020-15208 [HIGH] CWE-125 Data corruption in tensorflow-lite Data corruption in tensorflow-lite ### Impact When determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/internal/types.h#L437-L442 Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. ### Patches We have patched the issue in 8ee24e7949a20 and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.

Multi-Agent Framework for Threat Mitigation and Resilience in AI-Based Systems Multi-Agent Framework for Threat Mitigation and Resilience in AI–Based Systems Armstrong Foundjem, sMIEEE, Lionel Nganyewou Tidjon, sMIEEE, Leuson Da Silva, and Foutse Khomh, sMIEEE All authors are affiliated with the Department of Computer and Software Engineering, Polytechnique Montreal, QC H3T 0A3, e-mail: \a.foundjem,lionel.tidjon,leuson-mario-pedro.da-silva,foutse.khomh\@polymtl.ca. ## Abstract Machine learning (ML) increasingly underpins foundation models and autonomous pipelines in high-stakes domains such as finance, healthcare, and national infrastructure, rendering these systems prime targets for sophisticated adversarial threats. Attackers now leverage advanced Tactics, Techniques, and Procedures (TTPs) spanning data poisoning, model extraction, prompt injection, automated ja