C++ fuzzing:
Python fuzzing:
We regularly publish security advisories about using TensorFlow.
Note: In conjunction with these security advisories, we strongly encourage TensorFlow users to read and understand TensorFlow's security model as outlined in SECURITY.md.
| Advisory Number | Type | Versions affected | Reported by | Additional Information |
|---|---|---|---|---|
| TFSA-2021-200 | Crash in tf.math.segment_* operations |
< 2.7.0 | (Reported on GitHub) | issue |
| TFSA-2021-199 | Crash in max_pool3d when size argument is 0 or negative |
< 2.7.0 | (Reported on GitHub) | issue |
| TFSA-2021-198 | Crashes due to overflow and CHECK-fail in ops with large tensor shapes |
< 2.7.0 | (Reported on GitHub) | issue, issue, issue |
| TFSA-2021-197 | Incomplete validation in tf.summary.create_file_writer |
< 2.7.0 | (Reported on GitHub) | issue |
| TFSA-2021-196 | Overflow/crash in tf.tile when tiling tensor is large |
< 2.7.0 | (Reported on GitHub) | issue |
| TFSA-2021-195 | Overflow/crash in tf.image.resize when size is large |
< 2.7.0 | (Reported on GitHub) | issue |
| TFSA-2021-194 | Overflow/crash in tf.range |
< 2.7.0 | (Reported on GitHub) | issue, issue, issue |
| TFSA-2021-193 | Missing validation during checkpoint loading | < 2.7.0 | (discovered internally) | |
| TFSA-2021-192 | Uninitialized access in EinsumHelper::ParseEquation |
< 2.7.0 | (discovered internally) | |
| TFSA-2021-191 | Segfault while copying constant resource tensor | < 2.7.0 | (discovered internally) | |
| TFSA-2021-190 | Incomplete validation of shapes in multiple TF ops | < 2.7.0 | (discovered internally) | |
| TFSA-2021-189 | Incomplete validation in boosted trees code | < 2.7.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-188 | Heap OOB read in tf.raw_ops.SparseCountSparseOutput |
< 2.7.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-187 | FPE in convolutions with zero size filters | < 2.7.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-186 | FPE in ParallelConcat |
< 2.7.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-185 | Heap OOB read in all tf.raw_ops.QuantizeAndDequantizeV* ops |
< 2.7.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-184 | Heap OOB in shape inference for QuantizeV2 |
>= 2.6.0, < 2.7.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-183 | Heap OOB read in tf.ragged.cross |
< 2.7.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-182 | Reference binding to nullptr in tf.ragged.cross |
< 2.7.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-181 | Null pointer exception in DeserializeSparse |
< 2.7.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-180 | Deadlock in mutually recursive tf.function objects |
< 2.7.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-179 | Heap buffer overflow in Transpose |
< 2.7.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-178 | Undefined behavior via nullptr reference binding in sparse matrix multiplication |
< 2.7.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-177 | Use after free / memory leak in CollectiveReduceV2 |
>= 2.6.0, < 2.7.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-176 | Integer division by 0 in tf.raw_ops.AllToAll |
< 2.7.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-175 | Null pointer exception when Exit node is not preceded by Enter op |
< 2.7.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-174 | Access to invalid memory during shape inference in Cudnn* ops |
< 2.7.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-173 | Segfault due to negative splits in SplitV |
< 2.7.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-172 | SparseFillEmptyRows heap OOB |
< 2.7.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-171 | Heap OOB in SparseBinCount |
< 2.7.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-170 | Arbitrary memory read in ImmutableConst |
< 2.7.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-169 | Heap OOB in FusedBatchNorm kernels |
< 2.7.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-168 | A use of uninitialized value vulnerability in Tensorflow | < 2.7.0 | Qian Feng from Baidu Security Team | |
| TFSA-2021-167 | Code injection in saved_model_cli |
< 2.7.0 | Omer Kaspi from Vdoo | |
| TFSA-2021-166 | Use after free and segfault in shape inference functions | < 2.6.0 | (discovered internally) | |
| TFSA-2021-165 | Segfault on strings tensors with mismatched dimensions, due to Go code | >=2.5.0, < 2.6.0 | (Reported on GitHub) | PR |
| TFSA-2021-164 | FPE in LSH in TFLite | < 2.6.0 | Yakun Zhang of Baidu Security | |
| TFSA-2021-163 | Null pointer dereference in TFLite MLIR optimizations | < 2.6.0 | Yakun Zhang of Baidu Security | |
| TFSA-2021-162 | Null pointer dereference in TFLite | < 2.6.0 | Yakun Zhang of Baidu Security | |
| TFSA-2021-161 | Heap OOB in TFLite's Gather* implementations |
< 2.6.0 | Yakun Zhang of Baidu Security | |
| TFSA-2021-160 | Heap OOB in TFLite | < 2.6.0 | Yakun Zhang of Baidu Security | |
| TFSA-2021-159 | Infinite loop in TFLite | == 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-158 | FPE in TFLite pooling operations | < 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-157 | FPE in TFLite division operations | < 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-156 | Use of unitialized value in TFLite | < 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-155 | NPE in TFLite | < 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-154 | Division by zero in TFLite | < 2.6.0 | Aivul Team from Qihoo 360, Yakun Zhang of Baidu Security | |
| TFSA-2021-153 | Heap OOB in nested tf.map_fn with RaggedTensors |
< 2.6.0 | Haris Sahovic | |
| TFSA-2021-152 | Arbitrary code execution due to YAML deserialization | < 2.6.0 | Arjun Shibu | |
| TFSA-2021-151 | Missing validation in shape inference for Dequantize |
< 2.6.0 | Yakun Zhang of Baidu Security | |
| TFSA-2021-150 | Division by 0 in most convolution operators | < 2.6.0 | Yakun Zhang of Baidu Security | |
| TFSA-2021-149 | Reference binding to nullptr in shape inference | < 2.6.0 | Yakun Zhang of Baidu Security | |
| TFSA-2021-148 | Incomplete validation in MaxPoolGrad |
< 2.6.0 | Yakun Zhang of Baidu Security | |
| TFSA-2021-147 | CHECK-fail in MapStage |
< 2.6.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-146 | Heap OOB in SdcaOptimizerV2 |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-145 | Reference binding to nullptr in map operations | < 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-144 | Heap OOB in UpperBound and LowerBound |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-143 | Crash in NMS ops caused by integer conversion to unsigned | < 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-142 | FPE in tf.raw_ops.UnravelIndex |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-141 | Reference binding to nullptr in unicode encoding | < 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-140 | Reference binding to nullptr in RaggedTensorToVariant |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-139 | Incomplete validation in MKL requantization | < 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-138 | Incomplete validation in QuantizeV2 |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-137 | Heap OOB in boosted trees | < 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-136 | Reference binding to nullptr in boosted trees | < 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-135 | Crash caused by integer conversion to unsigned | < 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-134 | Division by 0 in inplace operations | < 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-133 | Reference binding to nullptr and heap OOB in binary cwise ops | < 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-132 | Reference binding to nullptr in MatrixSetDiagV* ops |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-131 | Reference binding to nullptr in MatrixDiagV* ops |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-130 | Reference binding to nullptr in RaggedTensorToSparse |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-129 | Heap OOB in ResourceScatterUpdate |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-128 | Heap OOB and CHECK fail in ResourceGather |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-127 | Division by 0 in ResourceGather |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-126 | Use after free in boosted trees creation | < 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-125 | Heap buffer overflow in FractionalAvgPoolGrad |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-124 | Segfault and heap buffer overflow in {Experimental,}DatasetToTFRecord |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-123 | Null pointer dereference in UncompressElement |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-122 | Incorrect validation of SaveV2 inputs |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-121 | Null pointer dereference in SparseTensorSliceDataset |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-120 | Bad alloc in StringNGrams caused by integer conversion |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-119 | Integer overflow due to conversion to unsigned | >=2.4.0, < 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-118 | Null pointer dereference in MatrixDiagPartOp |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-117 | std::abort raised from TensorListReserve |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-116 | Heap OOB in RaggedGather |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-115 | Division by 0 in ResourceScatterDiv |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-114 | Integer division by 0 in sparse reshaping | >=2.5.0, < 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-113 | Null pointer dereference and heap OOB read in operations restoring tensors | < 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-112 | Null pointer dereference in RaggedTensorToTensor |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-111 | Null pointer dereference in CompressElement |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-110 | Floating point exception in SparseDenseCwiseDiv |
< 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-109 | Heap out of bounds access in sparse reduction operations | < 2.6.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-108 | Segfault in tf.raw_ops.ImmutableConst |
< 2.5.0 | (discovered internally) | |
| TFSA-2021-107 | Segfault in tf.raw_ops.SparseCountSparseOutput |
< 2.5.0 | (discovered internally) | |
| TFSA-2021-106 | Crash in tf.strings.substr due to CHECK-fail |
< 2.5.0 | (Reported on GitHub) | issue report |
| TFSA-2021-105 | Crash in tf.transpose with complex inputs |
< 2.5.0 | (Reported on GitHub) | issue report |
| TFSA-2021-104 | Null dereference in Grappler's TrySimplify |
< 2.5.0 | (discovered internally) | |
| TFSA-2021-103 | Stack overflow in ParseAttrValue with nested tensors |
< 2.5.0 | (discovered internally) | |
| TFSA-2021-102 | Interpreter crash from tf.io.decode_raw |
< 2.5.0 | (discovered internally) | |
| TFSA-2021-101 | Incomplete validation in tf.raw_ops.CTCLoss |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-100 | Heap buffer overflow in BandedTriangularSolve |
< 2.5.0 | Ye Zhang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-099 | Invalid validation in QuantizeAndDequantizeV2 |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-098 | Incomplete validation in SparseReshape |
>=2.3.0, < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-097 | Incomplete validation in SparseSparseMinimum |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-096 | Incomplete validation in SparseAdd |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-095 | Heap OOB and null pointer dereference in RaggedTensorToTensor |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-094 | Heap OOB read in TFLite | < 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-093 | Heap OOB write in TFLite | < 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-092 | Integer overflow in TFLite memory allocation | < 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-091 | Integer overflow in TFLite concatenation | < 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-090 | Division by zero in TFLite's implementation of hashtable lookup | < 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-089 | Division by zero in TFLite's implementation of DepthwiseConv |
< 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-088 | Division by zero in TFLite's implementation of OneHot |
< 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-087 | Division by zero in TFLite's implementation of Split |
< 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-086 | Division by zero in TFLite's implementation of SVDF |
< 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-085 | Division by zero in TFLite's implementation of SpaceToBatchNd |
< 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-084 | Division by zero in TFLite's implementation of BatchToSpaceNd |
< 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-083 | Division by zero in TFLite's implementation of EmbeddingLookup |
< 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-082 | Division by zero in TFLite's convolution code | < 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-081 | Division by zero in TFLite's implementation of DepthToSpace |
< 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-080 | Stack overflow due to looping TFLite subgraph | < 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-079 | Null pointer dereference in TFLite's Reshape operator |
< 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-078 | Heap OOB read in TFLite's implementation of Minimum or Maximum |
< 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-077 | Division by zero in TFLite's implementation of TransposeConv |
< 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-076 | Division by zero in TFLite's implementation of GatherNd |
< 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-075 | Division by zero in TFLite's implementation of SpaceToDepth |
< 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-074 | Division by zero in optimized pooling implementations in TFLite | < 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-073 | Division by zero in padding computation in TFLite | < 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-072 | Heap buffer overflow and undefined behavior in FusedBatchNorm |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-071 | CHECK-fail due to integer overflow |
< 2.5.0 | University of Virginia and University of California, Santa Barbara | |
| TFSA-2021-070 | Heap OOB read in tf.raw_ops.Dequantize |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-069 | Segfault in CTCBeamSearchDecoder |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-068 | Heap buffer overflow in MaxPoolGrad |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-067 | Heap buffer overflow in FractionalAvgPoolGrad |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-066 | Undefined behavior and CHECK-fail in FractionalMaxPoolGrad |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-065 | Heap buffer overflow in AvgPool3DGrad |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-064 | Heap buffer overflow in MaxPool3DGradGrad |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-063 | Undefined behavior in MaxPool3DGradGrad |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-062 | Division by 0 in MaxPoolGradWithArgmax |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-061 | Overflow/denial of service in tf.raw_ops.ReverseSequence |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-060 | Reference binding to nullptr in SdcaOptimizer |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-059 | Memory corruption in DrawBoundingBoxesV2 |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-058 | Heap out of bounds read in RequantizationRange |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-057 | Heap out of bounds read in MaxPoolGradWithArgmax |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-056 | Lack of validation in SparseDenseCwiseMul |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-055 | Reference binding to null in ParameterizedTruncatedNormal |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-054 | Heap OOB access in Dilation2DBackpropInput |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-053 | Null pointer dereference in SparseFillEmptyRows |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-052 | Null pointer dereference in EditDistance |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-051 | CHECK-fail in tf.raw_ops.RFFT |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-050 | CHECK-fail in tf.raw_ops.IRFFT |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-049 | CHECK-fail in LoadAndRemapMatrix |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-048 | Heap buffer overflow in RaggedTensorToTensor |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-047 | Heap OOB access in unicode ops | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-046 | Heap buffer overflow in SparseSplit |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-045 | Division by 0 in Reverse |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-044 | Division by 0 in SparseMatMul |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-043 | Division by 0 in FusedBatchNorm |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-042 | Division by 0 in DenseCountSparseOutput |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-041 | CHECK-failure in UnsortedSegmentJoin |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-040 | Heap OOB in QuantizeAndDequantizeV3 |
< 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-039 | OOB read in MatrixTriangularSolve |
< 2.5.0 | Ye Zhang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-038 | Division by 0 in FractionalAvgPool |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-037 | Division by 0 in QuantizedAdd |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-036 | Division by 0 in QuantizedBatchNormWithGlobalNormalization |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-035 | Heap out of bounds in QuantizedBatchNormWithGlobalNormalization |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-034 | Division by 0 in QuantizedBiasAdd |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-033 | Heap buffer overflow in SparseTensorToCSRSparseMatrix |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-032 | CHECK-fail in CTCGreedyDecoder |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-031 | CHECK-fail in QuantizeAndDequantizeV4Grad |
>= 2.4.0, < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-030 | Null pointer dereference in StringNGrams |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-029 | Heap buffer overflow StringNGrams |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-028 | Heap buffer overflow Conv2DBackpropFilter |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-027 | Division by zero in Conv2DBackpropFilter |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-026 | Heap buffer overflow in QuantizedReshape |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-025 | Heap buffer overflow in QuantizedResizeBilinear |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-024 | CHECK-fail in SparseConcat |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-023 | Heap buffer overflow in QuantizedMul |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-022 | CHECK-fail in DrawBoundingBoxes |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-021 | Heap out of bounds read in RaggedCross |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-020 | CHECK-fail in tf.raw_ops.EncodePng |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-019 | Heap buffer overflow caused by rounding | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-018 | Invalid validation in SparseMatrixSparseCholesky |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-017 | Division by 0 in QuantizedMul |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-016 | Division by 0 in QuantizedConv2D |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-015 | Division by 0 in Conv2D |
< 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-014 | Division by 0 in Conv2DBackpropInput |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-013 | Division by 0 in Conv2DBackpropFilter |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-012 | CHECK-fail in AddManySparseToTensorsMap |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-011 | Division by 0 in Conv3DBackprop* |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-010 | Heap buffer overflow in Conv3DBackprop* |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-009 | Segfault in SparseCountSparseOutput |
>= 2.3.0, < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-008 | CHECK-fail in SparseCross due to type confusion |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-007 | Session operations in eager mode lead to null pointer dereferences | >= 2.0.0, < 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-006 | Division by zero in Conv3D |
< 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-005 | Null pointer dereference via invalid Ragged Tensors | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
| TFSA-2021-004 | Reference binding to null pointer in MatrixDiag* ops |
< 2.5.0 | Ye Zhang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-003 | Type confusion during tensor casts lead to dereferencing null pointers | < 2.5.0 | Aivul Team from Qihoo 360; Ye Zhang and Yakun Zhang of Baidu X-Team | |
| TFSA-2021-002 | Heap out of bounds write in RaggedBinCount |
>= 2.3.0, < 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2021-001 | Heap buffer overflow in RaggedBinCount |
>= 2.3.0, < 2.5.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-034 | Heap out of bounds access in MakeEdge | >= 1.15.0, <= 2.3.0 | (discovered internally) | |
| TFSA-2020-033 | CHECK-fail in LSTM with zero-length input | >= 1.15.0, <= 2.3.0 | (discovered internally) | |
| TFSA-2020-032 | Heap out of bounds read in filesystem glob matching | 2.4.0-rc{0,1,2,3} | Aivul Team from Qihoo 360 | |
| TFSA-2020-031 | Write to immutable memory region | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-030 | Lack of validation in data format attributes | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-029 | Uninitialized memory access in Eigen types | >= 1.15.0, <= 2.3.0 | (discovered internally) | |
| TFSA-2020-028 | Float cast overflow undefined behavior | <= 2.3 | (Reported on GitHub) | issue report |
| TFSA-2020-027 | Segfault in tf.quantization.quantize_and_dequantize |
<= 2.3 | (Reported on GitHub) | issue report |
| TFSA-2020-026 | Segfault in tf.raw_ops.Switch in eager mode |
2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-025 | Undefined behavior in dlpack.to_dlpack |
2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-024 | Memory leak in dlpack.to_dlpack |
2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-023 | Memory corruption in dlpack.to_dlpack |
2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-022 | Crash due to invalid shape of grad_values in SparseFillEmptyRowsGrad |
>= 1.15.0, <= 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
| TFSA-2020-021 | Heap buffer overflow in SparseFillEmptyRowsGrad | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-020 | Heap buffer overflow in weighted sparse count ops | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
| TFSA-2020-019 | Crash due to invalid splits in SparseCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
| TFSA-2020-018 | Heap buffer overflow due to invalid indices in SparseCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
| TFSA-2020-017 | Abort due to invalid splits in RaggedCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
| TFSA-2020-016 | Segfault due to invalid splits in RaggedCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
| TFSA-2020-015 | Heap buffer overflow due to invalid splits in RaggedCountSparseOutput | 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-014 | Integer truncation in Shard API usage | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-013 | Format-string vulnerability in TensorFlow's as_string |
>= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-012 | Segfault by calling session-only ops in eager mode | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-011 | Data leak in tf.raw_ops.StringNGrams |
>= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-010 | Incomplete validation in TensorFlow's SavedModel's constant nodes causes segfaults | >= 1.15.0, <= 2.3.0 | Shuaike Dong, Alipay Tian Qian Security Lab | issue report |
| TFSA-2020-009 | Segfault and data corruption caused by negative indexing in TFLite | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-008 | Data corruption due to dimension mismatch in TFLite | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-007 | Null pointer dereference in TFLite | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360, variant analysis | |
| TFSA-2020-006 | Segmentation fault and/or data corruption due to invalid TFLite model | >= 1.15.0, <= 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
| TFSA-2020-005 | Out of bounds access in TFLite operators | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-004 | Out of bounds access in TFLite implementation of segment sum | 2.2.0, 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
| TFSA-2020-003 | Denial of service from TFLite implementation of segment sum | 2.2.0, 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
| TFSA-2020-002 | Out of bounds write in TFLite implementation of segment sum | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-001 | Segmentation fault when converting a Python string to tf.float16 |
>= 1.12.0, <= 2.1 | (found internally) | |
| TFSA-2019-002 | Heap buffer overflow in UnsortedSegmentSum |
<= 1.14 | (found internally) | |
| TFSA-2019-001 | Null Pointer Dereference Error in Decoding GIF Files | <= 1.12 | Baidu Security Lab | |
| TFSA-2018-006 | Crafted Configuration File results in Invalid Memory Access | <= 1.7 | Blade Team of Tencent | |
| TFSA-2018-005 | Old Snappy Library Usage Resulting in Memcpy Parameter Overlap | <= 1.7 | Blade Team of Tencent | |
| TFSA-2018-004 | Checkpoint Meta File Out-of-Bounds Read | <= 1.7 | Blade Team of Tencent | |
| TFSA-2018-003 | TensorFlow Lite TOCO FlatBuffer Parsing Vulnerability | <= 1.7 | Blade Team of Tencent | |
| TFSA-2018-002 | GIF File Parsing Null Pointer Dereference Error | <= 1.5 | Blade Team of Tencent | |
| TFSA-2018-001 | BMP File Parser Out-of-bounds Read | <= 1.6 | Blade Team of Tencent | |
| - | Out Of Bounds Read | <= 1.4 | Blade Team of Tencent | issue report |