tensorflow-cpu
PyPI: 424 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting tensorflow-cpu (page 1 of 9)
- CVE-2018-10055 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 1.7.1 | 2019-04-24
Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.
- CVE-2018-21233 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 1.7.0 | 2020-05-04
TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc.
- CVE-2018-7575 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 1.7.1 | 2019-04-24
Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent.
- CVE-2018-7576 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 1.7.0rc0 | 2019-04-23
Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent.
- CVE-2018-7577 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 1.7.1 | 2019-04-24
Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory.
- CVE-2018-8825 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 1.7.1 | 2019-04-23
Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code (local).
- CVE-2019-16778 | LOW | CVSS 2.6 | EG 2.6 | ✓ Fixed in 1.15.0 | 2019-12-16
In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative nu…
- CVE-2019-9635 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 1.12.2 | 2019-04-24
NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file.
- CVE-2020-15190 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 1.15.0, 2.1.0, 2.1.1, 2.2.0, 2.3.0
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input t…
- CVE-2020-15191 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 1.15.0 ... 2.3.0 (8 versions)
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However,…
- CVE-2020-15192 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 1.15.0 ... 2.3.0 (8 versions)
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. The issue occurs because the `status` argument during validation failu…
- CVE-2020-15193 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 1.15.0 ... 2.3.0 (8 versions)
In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a t…
- CVE-2020-15194 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 1.15.0, 2.1.0, 2.1.1, 2.2.0, 2.3.0
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in …
- CVE-2020-15195 | HIGH | CVSS 8.5 | EG 8.5 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 1.15.0, 2.1.0, 2.1.1, 2.2.0, 2.3.0
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values…
- CVE-2020-15196 | HIGH | CVSS 8.5 | EG 8.5 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 1.15.0 ... 2.3.0 (11 versions)
In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. The check exists for `DenseCountSparseOutput`, where both ten…
- CVE-2020-15197 | MEDIUM | CVSS 6.3 | EG 6.3 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 1.15.0 ... 2.3.0 (11 versions)
In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has rank 2. This tensor…
- CVE-2020-15198 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 1.15.0 ... 2.3.0 (11 versions)
In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has the same shape as t…
- CVE-2020-15199 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 1.15.0 ... 2.3.0 (11 versions)
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the `splits` tensor has the minimum required number of elem…
- CVE-2020-15200 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 1.15.0 ... 2.3.0 (11 versions)
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a…
- CVE-2020-15201 | MEDIUM | CVSS 4.8 | EG 4.8 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 1.15.0 ... 2.3.0 (11 versions)
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a…
- CVE-2020-15202 | CRITICAL | CVSS 9.0 | EG 9.0 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 1.15.0, 2.1.0, 2.1.1, 2.2.0, 2.3.0
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow…
- CVE-2020-15203 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 1.15.0, 2.1.0, 2.1.1, 2.2.0, 2.3.0
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use i…
- CVE-2020-15204 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 1.15.0, 2.1.0, 2.1.1, 2.2.0, 2.3.0
In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference. In linked…
- CVE-2020-15205 | CRITICAL | CVSS 9.0 | EG 9.0 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 1.15.0, 2.1.0, 2.1.1, 2.2.0, 2.3.0
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of …
- CVE-2020-15206 | CRITICAL | CVSS 9.0 | EG 9.0 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 1.15.0, 2.1.0, 2.1.1, 2.2.0, 2.3.0
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can c…
- CVE-2020-15207 | HIGH | CVSS 8.7 | EG 8.7 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 1.15.0, 2.1.0, 2.1.1, 2.2.0, 2.3.0
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. However, the only check that the converted…
- CVE-2020-15208 | HIGH | CVSS 7.4 | EG 7.4 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 1.15.0, 2.1.0, 2.1.1, 2.2.0, 2.3.0
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always return…
- CVE-2020-15209 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 1.15.0, 2.1.0, 2.1.1, 2.2.0, 2.3.0
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer ser…
- CVE-2020-15210 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 1.15.0, 2.1.0, 2.1.1, 2.2.0, 2.3.0
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just me…
- CVE-2020-15211 | MEDIUM | CVSS 4.8 | EG 4.8 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 1.15.0, 2.1.0, 2.1.1, 2.2.0, 2.3.0
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set …
- CVE-2020-15212 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 2.2.1 | 2020-09-25
vulnerable: 2.2.0, 2.3.0
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data`…
- CVE-2020-15213 | MEDIUM | CVSS 4.0 | EG 4.0 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 2.2.0, 2.3.0
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holdin…
- CVE-2020-15214 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 2.3.1 | 2020-09-25
vulnerable: 2.2.0, 2.3.0
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out of bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last e…
- CVE-2020-15265 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.4.0 | 2020-10-21
vulnerable: 1.15.0 ... 2.3.4 (15 versions)
In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. How…
- CVE-2020-15266 | LOW | CVSS 3.7 | EG 3.7 | ✓ Fixed in 2.4.0 | 2020-10-21
vulnerable: 1.15.0 ... 2.3.4 (15 versions)
In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Attempting to operate on this is undefined b…
- CVE-2020-26266 | MEDIUM | CVSS 4.4 | EG 4.4 | ✓ Fixed in 2.3.2 | 2020-12-10
vulnerable: 1.15.0 ... 2.3.1 (8 versions)
In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to defa…
- CVE-2020-26267 | MEDIUM | CVSS 4.4 | EG 4.4 | ✓ Fixed in 2.3.2 | 2020-12-10
vulnerable: 1.15.0 ... 2.3.1 (8 versions)
In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized…
- CVE-2020-26268 | MEDIUM | CVSS 4.4 | EG 4.4 | ✓ Fixed in 2.3.2 | 2020-12-10
vulnerable: 1.15.0 ... 2.3.1 (8 versions)
In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation cr…
- CVE-2020-26269 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.4.0 | 2020-12-10
In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. There are multiple invariants an…
- CVE-2020-26270 | MEDIUM | CVSS 4.4 | EG 4.4 | ✓ Fixed in 2.3.2 | 2020-12-10
vulnerable: 1.15.0 ... 2.3.1 (8 versions)
In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial …
- CVE-2020-26271 | MEDIUM | CVSS 4.4 | EG 4.4 | ✓ Fixed in 2.3.2 | 2020-12-10
vulnerable: 1.15.0 ... 2.3.1 (8 versions)
In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src nod…
- CVE-2020-5215 | MEDIUM | CVSS 5.0 | EG 5.0 | ✓ Fixed in 2.0.1 | 2020-01-28
vulnerable: 1.15.0
In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial o…
- CVE-2021-29512 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1
TensorFlow is an end-to-end open source platform for machine learning. If the `splits` argument of `RaggedBincount` does not specify a valid `SparseTensor`(https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacke…
- CVE-2021-29513 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.3 | 2021-05-14
vulnerable: 1.15.0 ... 2.4.2 (17 versions)
TensorFlow is an end-to-end open source platform for machine learning. Calling TF operations with tensors of non-numeric types when the operations expect numeric tensors result in null pointer dereferences. The conversion from Python array…
- CVE-2021-29514 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.3 | 2021-05-14
vulnerable: 1.15.0 ... 2.4.2 (17 versions)
TensorFlow is an end-to-end open source platform for machine learning. If the `splits` argument of `RaggedBincount` does not specify a valid `SparseTensor`(https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacke…
- CVE-2021-29515 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 1.15.0 ... 2.4.1 (13 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `MatrixDiag*` operations(https://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/mat…
- CVE-2021-29516 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 1.15.0 ... 2.4.1 (13 versions)
TensorFlow is an end-to-end open source platform for machine learning. Calling `tf.raw_ops.RaggedTensorToVariant` with arguments specifying an invalid ragged tensor results in a null pointer dereference. The implementation of `RaggedTensor…
- CVE-2021-29517 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 1.15.0 ... 2.4.1 (13 versions)
TensorFlow is an end-to-end open source platform for machine learning. A malicious user could trigger a division by 0 in `Conv3D` implementation. The implementation(https://github.com/tensorflow/tensorflow/blob/42033603003965bffac51ae171b5…
- CVE-2021-29518 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 1.15.0 ... 2.4.1 (13 versions)
TensorFlow is an end-to-end open source platform for machine learning. In eager mode (default in TF 2.0 and later), session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer…
- CVE-2021-29519 | LOW | CVSS 2.5 | EG 2.5 | ✓ Fixed in 2.4.2 | 2021-05-14
vulnerable: 1.15.0 ... 2.4.1 (13 versions)
TensorFlow is an end-to-end open source platform for machine learning. The API of `tf.raw_ops.SparseCross` allows combinations which would result in a `CHECK`-failure and denial of service. This is because the implementation(https://github…