CVE-2023-25667

CWE-190 — Integer Overflow6 documents6 sources

Severity

7.5HIGH

EPSS

0.2%

top 56.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tensorflow Tensorflow Google Tensorflow

Timeline

Latest updateMar 24

PublishedMar 25

Description

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 <= num_frames * height * width * channels < 2^32`, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶PyPItensorflow< 2.11.1

▶PyPItensorflow-cpu< 2.11.1

▶PyPItensorflow-gpu< 2.11.1

▶NVDgoogle/tensorflow< 2.12.0

▶CVEListV5tensorflow/tensorflow< 2.11.1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

TensorFlow vulnerable to segfault when opening multiframe gif↗2023-03-24

▶

CVEList

TensorFlow vulnerable to segfault when opening multiframe gif↗2023-03-24

▶

GHSA

TensorFlow vulnerable to segfault when opening multiframe gif↗2023-03-24

▶

📋Vendor Advisories

Microsoft

TensorFlow vulnerable to segfault when opening multiframe gif↗2023-03-14

▶

Debian

CVE-2023-25667: tensorflow - TensorFlow is an open source platform for machine learning. Prior to versions 2....↗2023

▶