Page 30 of 427 results (0.004 seconds)

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1

Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. However, several error case in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. • https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/image/decode_image_op.cc#L322-L416 https://github.com/tensorflow/tensorflow/commit/ab51e5b813573dc9f51efa335aebcf2994125ee9 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq6p-6334-8gr4 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `SafeToRemoveIdentity` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. Tensorflow es un Marco de Aprendizaje Automático de Código Abierto. • https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/dependency_optimizer.cc#L59-L98 https://github.com/tensorflow/tensorflow/commit/92dba16749fae36c246bec3f9ba474d9ddeb7662 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5f2r-qp73-37mr • CWE-617: Reachable Assertion •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1

Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. Tensorflow es un Marco de Aprendizaje Automático de Código Abierto. • https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc#L788-L790 https://github.com/tensorflow/tensorflow/commit/1361fb7e29449629e1df94d44e0427ebec8c83c7 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7 • CWE-400: Uncontrolled Resource Consumption CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `IsSimplifiableReshape` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. Tensorflow es un Marco de Aprendizaje Automático de Código Abierto. • https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L1687-L1742 https://github.com/tensorflow/tensorflow/commit/1fb27733f943295d874417630edd3b38b34ce082 https://github.com/tensorflow/tensorflow/commit/240655511cd3e701155f944a972db71b6c0b1bb6 https://github.com/tensorflow/tensorflow/commit/ebc1a2ffe5a7573d905e99bd0ee3568ee07c12c1 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq86-3f29-px2c • CWE-617: Reachable Assertion •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1

Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. Tensorflow es un Marco de Aprendizaje Automático de Código Abierto. • https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L1552-L1558 https://github.com/tensorflow/tensorflow/commit/fcd18ce3101f245b083b30655c27b239dc72221e https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c94w-c95p-phf8 • CWE-190: Integer Overflow or Wraparound •