Intel Optimization For Tensorflow vulnerabilities

429 known vulnerabilities affecting intel/optimization_for_tensorflow.

Total CVEs: 429
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 121, MEDIUM 200, LOW 103

Vulnerabilities

Page 22 of 22
CVE-2018-21233 | HIGH | ≥ 0, < 1.7.0 | 2020-05-13
CVE-2018-21233 [HIGH] CWE-125 Out-of-bounds read in TensorFlow possibly causing disclosure of the contents of process memory.
TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in `core/kernels/decode_bmp_op.cc`.
ghsa, osv
CVE-2020-5215 | LOW | ≥ 0, < 1.15.2; ≥ 2.0.0, < 2.0.1 | 2020-01-28
CVE-2020-5215 [LOW] CWE-754 Segmentation fault in TensorFlow when converting a Python string to `tf.float16`
Impact: Converting a string (from Python) to a `tf.float16` value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains
ghsa, osv
CVE-2019-16778 | LOW | ≥ 0, < 1.15.0 | 2019-12-16
CVE-2019-16778 [LOW] CWE-122 Heap buffer overflow in `UnsortedSegmentSum` in TensorFlow
Impact: A heap buffer overflow in `UnsortedSegmentSum` can be produced when the `Index` template argument is `int32`. In this case `data_size` and `num_segments` fields are truncated from `int64` to `int32` and can produce negative numbers, resulting in accessing out of bounds heap memory. This is unlikely to be exploitable and was detected and
ghsa, osv
CVE-2018-7575 | CRITICAL | ≥ 1.0.0, < 1.7.1 | 2019-04-30
CVE-2018-7575 [CRITICAL] CWE-190 Integer Overflow or Wraparound in Google TensorFlow
Issue Description: Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent. The block size in meta file might contain a large int64 value which causes an integer overflow upon addition. Subsequent code using n as index may cause an out-of-bounds read.
Impact: A maliciously crafted
ghsa, osv
CVE-2019-9635 | HIGH | ≥ 1.0.0, < 1.12.1 | 2019-04-30
CVE-2019-9635 [HIGH] CWE-476 NULL Pointer Dereference in Google TensorFlow
NULL pointer dereference in Google TensorFlow before 1.12.1 could cause a denial of service via an invalid GIF file.
ghsa, osv
CVE-2018-10055 | HIGH | ≥ 1.1.0, < 1.7.1 | 2019-04-30
CVE-2018-10055 [HIGH] CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow
Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.
ghsa, osv
CVE-2018-7577 | HIGH | ≥ 1.1.0, < 1.7.1 | 2019-04-30
CVE-2018-7577 [HIGH] CWE-20 Improper Input Validation in Google TensorFlow
Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory.
ghsa, osv
CVE-2018-8825 | HIGH | ≥ 1.5.0, < 1.7.1 | 2019-04-24
CVE-2018-8825 [HIGH] CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow
Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). Users passing a malformed or malicious version of a TFLite graph into TOCO will cause TOCO to crash or cause a buffer overflow, potentially allowing malicious code to be ex
ghsa, osv
CVE-2018-7576 | HIGH | ≥ 1.0.0, < 1.6.0 | 2019-04-24
CVE-2018-7576 [HIGH] CWE-476 Null pointer dereference in TensorFlow leads to exploitation
Google TensorFlow 1.0.0 through 1.5.1 is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent.
ghsa, osv