Debian Tensorflow vulnerabilities
432 known vulnerabilities affecting debian/tensorflow.
Total CVEs
432
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH: 1 | MEDIUM: 1 | LOW: 430
Vulnerabilities
Page 22 of 22
CVE-2020-15266 | LOW | CVSS 3.7 | 2020
CVE-2020-15266 [LOW] CVE-2020-15266: tensorflow - In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_...
In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorF
debian
CVE-2020-15200 | LOW | CVSS 5.9 | 2020
CVE-2020-15200 [MEDIUM] CVE-2020-15200: tensorflow - In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation...
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tensor. Thus, the code sets up conditions to cause a heap buffer overflow. A `BatchedMap
debian
CVE-2020-15196 | LOW | CVSS 8.5 | 2020
CVE-2020-15196 [HIGH] CVE-2020-15196: tensorflow - In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSpars...
In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. The check exists for `DenseCountSparseOutput`, where both tensors are fully specified. In the sparse and ragged count weights are still accessed in parallel with the data. But, since ther
debian
CVE-2020-26271 | LOW | CVSS 4.4 | 2020
CVE-2020-26271 [MEDIUM] CVE-2020-26271: tensorflow - In affected versions of TensorFlow under certain cases, loading a saved model ca...
In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input slot of the dst node (given by input_index). This is only possible if the types of t
debian
CVE-2019-16778 | LOW | CVSS 2.6 | 2019
CVE-2019-16778 [LOW] CVE-2019-16778: tensorflow - In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be p...
In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. This is unlikely to be exploitable and was detected and fixed internal
debian
CVE-2019-9635 | LOW | CVSS 6.5 | 2019
CVE-2019-9635 [MEDIUM] CVE-2019-9635: tensorflow - NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial...
NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file.
Scope: local
forky: resolved
sid: resolved
debian
CVE-2018-8825 | LOW | CVSS 8.8 | 2018
CVE-2018-8825 [HIGH] CVE-2018-8825: tensorflow - Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: ...
Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code (local).
Scope: local
forky: resolved
sid: resolved
debian
CVE-2018-7577 | LOW | CVSS 8.1 | 2018
CVE-2018-7577 [HIGH] CVE-2018-7577: tensorflow - Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google Tenso...
Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory.
Scope: local
forky: resolved
sid: resolved
debian
CVE-2018-10055 | LOW | CVSS 8.1 | 2018
CVE-2018-10055 [HIGH] CVE-2018-10055: tensorflow - Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compil...
Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.
Scope: local
forky: resolved
sid: resolved
debian
CVE-2018-7575 | LOW | CVSS 9.8 | 2018
CVE-2018-7575 [CRITICAL] CVE-2018-7575: tensorflow - Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerabili...
Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent.
Scope: local
forky: resolved
sid: resolved
debian
CVE-2018-21233 | LOW | CVSS 6.5 | 2018
CVE-2018-21233 [MEDIUM] CVE-2018-21233: tensorflow - TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds rea...
TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc.
Scope: local
forky: resolved
sid: resolved
debian
CVE-2018-7576 | LOW | CVSS 6.5 | 2018
CVE-2018-7576 [MEDIUM] CVE-2018-7576: tensorflow - Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. Th...
Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent.
Scope: local
forky: resolved
sid: resolved
debian