CVE-2023-25668 – TensorFlow vulnerable to heap out-of-buffer read in the QuantizeAndDequantize operation
https://notcve.org/view.php?id=CVE-2023-25668
TensorFlow is an open source platform for machine learning. Attackers using TensorFlow prior to 2.12.0 or 2.11.1 can access heap memory that is not under the user's control, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0, and the commit will also be cherry-picked onto TensorFlow version 2.11.1.
• https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96
• CWE-122: Heap-based Buffer Overflow; CWE-125: Out-of-bounds Read
CVE-2023-25669 – TensorFlow has Floating Point Exception in AvgPoolGrad with XLA
https://notcve.org/view.php?id=CVE-2023-25669
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
• https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p
• CWE-697: Incorrect Comparison
CVE-2023-25670 – TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize
https://notcve.org/view.php?id=CVE-2023-25670
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
• https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w
• CWE-476: NULL Pointer Dereference
CVE-2023-25671 – TensorFlow has segmentation fault in tfg-translate
https://notcve.org/view.php?id=CVE-2023-25671
TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
• https://github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367 https://github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6
• CWE-787: Out-of-bounds Write
CVE-2023-25672 – TensorFlow has Null Pointer Error in LookupTableImportV2
https://notcve.org/view.php?id=CVE-2023-25672
TensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
• https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r
• CWE-476: NULL Pointer Dereference