We regularly publish security advisories about using TensorFlow.
Note: In conjunction with these security advisories, we strongly encourage TensorFlow users to read and understand TensorFlow's security model as outlined in SECURITY.md.
Advisory Number | Type | Versions affected | Reported by | Additional Information |
---|---|---|---|---|
TFSA-20223-020 | OOB Read in GRUBlockCellGrad | <= 2.12.0 | r3pwnx of 360 AIVul Team | |
TFSA-20223-019 | FPE in AvgPoolGrad with XLA | <= 2.12.0 | r3pwnx of 360 AIVul Team | |
TFSA-20223-018 | OOB read in DynamicStitch | <= 2.12.0 | Google OSS VRP | |
TFSA-20223-017 | NPE in QuantizedMatMulWithBiasAndDequantize | <= 2.12.0 | r3pwnx of 360 AIVul Team | |
TFSA-20223-016 | Seg fault in tf.raw_ops.Print | <= 2.12.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-20223-015 | Segmentation fault in tfg-translate | <= 2.12.0 | r3pwnx of 360 AIVul Team | |
TFSA-20223-014 | Integer overflow in EditDistance | <= 2.12.0 | r3pwnx of 360 AIVul Team | |
TFSA-20223-013 | FPE in TensorListSplit with XLA | <= 2.12.0 | r3pwnx of 360 AIVul Team | |
TFSA-20223-012 | NPE in TensorArrayConcatV2 | <= 2.12.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-20223-011 | FPE in TensorListSplit with XLA | <= 2.12.0 | r3pwnx of 360 AIVul Team | |
TFSA-20223-010 | Heap-buffer-overflow in AvgPoolGrad | <= 2.12.0 | evn@google.com | |
TFSA-20223-009 | NPE in RandomShuffle with XLA enable | <= 2.12.0 | r3pwnx of 360 AIVul Team | |
TFSA-20223-008 | FPE in AudioSpectrogram | <= 2.12.0 | r3pwnx of 360 AIVul Team | |
TFSA-20223-007 | Segfault in Bincount with XLA | <= 2.12.0 | r3pwnx of 360 AIVul Team | |
TFSA-20223-006 | NPE in SparseSparseMaximum | <= 2.12.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-20223-005 | Null dereference on ParallelConcat with XLA | <= 2.12.0 | r3pwnx of 360 AIVul Team | |
TFSA-20223-004 | Segfault when opening multiframe gif | <= 2.12.0 | Andrei | |
TFSA-20223-003 | Double free in Fractional(Max/Avg)Pool | <= 2.12.0 | https://github.com/dmc1778 of nimashiri2012@gmail.com | |
TFSA-20223-002 | A heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation | <= 2.12.0 | | |
TFSA-20223-001 | FPE in TFLite in conv kernel | <= 2.12.0 | Wang Xuan of Qihoo 360 AIVul Team | |
TFSA-2022-170 | CHECK fail in TensorListScatter and TensorListScatterV2 in eager mode | <= 2.11.0 | Pattarakrit Rattankul | |
TFSA-2022-169 | CHECK failure in SobolSample via missing validation | <= 2.11.0 | (multiple authors) | |
TFSA-2022-168 | Heap overflow in QuantizeAndDequantizeV2 | <= 2.11.0 | Reported via OSS VRP | |
TFSA-2022-167 | OOB write in grappler | <= 2.11.0 | (discovered internally) | |
TFSA-2022-166 | Invalid char to bool conversion when printing a tensor | <= 2.11.0 | (discovered internally) | |
TFSA-2022-165 | FractionalMaxPool and FractionalAvgPool heap out-of-buffer | <= 2.11.0 | Reported via OSS VRP | |
TFSA-2022-164 | CHECK_EQ fail via input in SparseMatrixNNZ | <= 2.11.0 | Kang Hong Jin | |
TFSA-2022-163 | Segfault in CompositeTensorVariantToComponents | <= 2.11.0 | pattarakritr@smu.edu.sg | |
TFSA-2022-162 | CHECK fail via inputs in PyFunc | <= 2.11.0 | pattarakritr@smu.edu.sg | |
TFSA-2022-161 | CHECK fail via inputs in SdcaOptimizer | <= 2.11.0 | Zizhuang Deng of IIE, UCAS | |
TFSA-2022-160 | CHECK fail via inputs in SparseFillEmptyRowsGrad | <= 2.11.0 | Jiawei Liu, PhD student at University of Illinois, Urbana-Champaign | |
TFSA-2022-159 | FractionalMaxPoolGrad Heap OOB | <= 2.11.0 | Yu Tian from Qihoo 360 AIVul Team | |
TFSA-2022-158 | tf.raw_ops.Mfcc crashes | <= 2.11.0 | Yu Tian from Qihoo 360 AIVul Team | |
TFSA-2022-157 | MirrorPadGrad heap oob | <= 2.11.0 | Yu Tian from Qihoo 360 AIVul Team | |
TFSA-2022-156 | Buffer overflow in CONV_3D_TRANSPOSE on TFLite | <= 2.11.0 | Thibaut Goetghebuer-Planchon, Arm Ltd. | |
TFSA-2022-155 | CHECK_EQ fail in tf.raw_ops.TensorListResize | <= 2.11.0 | Pattarakrit Rattankul | |
TFSA-2022-154 | Segfault in tf.raw_ops.TensorListConcat | <= 2.11.0 | Tong Liu, ShanghaiTech University | |
TFSA-2022-153 | CHECK fail in BCast overflow | <= 2.11.0 | Pattarakrit Rattankul | |
TFSA-2022-152 | Segfault via invalid attributes in pywrap_tfe_src.cc | <= 2.11.0 | Pattarakrit Rattankul | |
TFSA-2022-151 | FPE in tf.image.generate_bounding_box_proposals | <= 2.11.0 | Pattarakrit Rattankul | |
TFSA-2022-150 | Overflow in tf.keras.losses.poisson | >= 2.9.0, <= 2.11.0 | Pattarakrit Rattankul | |
TFSA-2022-149 | Overflow in ResizeNearestNeighborGrad | <= 2.11.0 | Neophytos Christou from the Secure Systems Lab (SSL) at Brown University | |
TFSA-2022-148 | Overflow in ImageProjectiveTransformV2 | <= 2.11.0 | Neophytos Christou from the Secure Systems Lab (SSL) at Brown University | |
TFSA-2022-147 | Overflow in FusedResizeAndPadConv2D | <= 2.11.0 | Neophytos Christou from the Secure Systems Lab (SSL) at Brown University | |
TFSA-2022-146 | Seg fault in ndarray_tensor_bridge due to zero and large input | <= 2.11.0 | Pattarakrit Rattanukul | |
TFSA-2022-145 | OOB seg fault in DynamicStitch due to missing validation | <= 2.11.0 | Zizhuang Deng of IIE, UCAS | |
TFSA-2022-144 | ThreadUnsafeUnigramCandidateSampler Heap OOB | <= 2.11.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-2022-143 | OOB read in Gather_nd op in TF Lite Micro | <= 2.10.0 | Hui Peng from Baidu Security | |
TFSA-2022-142 | CHECK-fail in tensorflow::full_type::SubstituteFromAttrs | <= 2.10.0 | (discovered internally) | |
TFSA-2022-141 | Integer overflow in math ops | <= 2.10.0 | (discovered internally) | |
TFSA-2022-140 | Null-dereference in mlir::tfg::TFOp::nameAttr | <= 2.10.0 | (discovered internally) | |
TFSA-2022-139 | Null-dereference in mlir::tfg::GraphDefImporter::ConvertNodeDef | <= 2.10.0 | (discovered internally) | |
TFSA-2022-138 | Assertion fail on MLIR empty edge names | <= 2.10.0 | (discovered internally) | |
TFSA-2022-137 | Null dereference on MLIR on empty function attributes | <= 2.10.0 | (discovered internally) | |
TFSA-2022-136 | CHECK fail in Eig | <= 2.10.0 | 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology | |
TFSA-2022-135 | CHECK fail in DrawBoundingBoxes | <= 2.10.0 | 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology | |
TFSA-2022-134 | CHECK fail in Unbatch | <= 2.10.0 | 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology | |
TFSA-2022-133 | CHECK fail in RandomPoissonV2 | <= 2.10.0 | 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology | |
TFSA-2022-132 | CHECK fail in tf.random.gamma | <= 2.10.0 | 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology | |
TFSA-2022-131 | CHECK fail in FakeQuantWithMinMaxVarsGradient | <= 2.10.0 | (multiple authors) | |
TFSA-2022-130 | CHECK fail in FakeQuantWithMinMaxVarsPerChannelGradient | <= 2.10.0 | (multiple authors) | |
TFSA-2022-129 | CHECK fail in TensorListScatter and TensorListScatterV2 | <= 2.10.0 | 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology | |
TFSA-2022-128 | CHECK fail in TensorListFromTensor | <= 2.10.0 | 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology | |
TFSA-2022-127 | CHECK fail in SetSize | <= 2.10.0 | 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology | |
TFSA-2022-126 | CHECK fail in CollectiveGather | <= 2.10.0 | 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology | |
TFSA-2022-125 | CHECK fail in AudioSummaryV2 | <= 2.10.0 | 刘力源, Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology | |
TFSA-2022-124 | Floating point exception in Conv2D | <= 2.10.0 | Jingyi Shi | |
TFSA-2022-123 | CHECK fail in tf.sparse.cross | <= 2.10.0 | Kang Hong Jin | |
TFSA-2022-122 | CHECK fail in EmptyTensorList | <= 2.10.0 | Kang Hong Jin | |
TFSA-2022-121 | CHECK fail in Conv2DBackpropInput | <= 2.10.0 | Jingyi Shi | |
TFSA-2022-120 | CHECK fail in MaxPool | <= 2.10.0 | Jingyi Shi | |
TFSA-2022-119 | CHECK fail in tf.linalg.matrix_rank | <= 2.10.0 | Kang Hong Jin | |
TFSA-2022-118 | CHECK fail in DenseBincount | <= 2.10.0 | Di Jin, Secure Systems Labs, Brown University | |
TFSA-2022-117 | Segfault in RaggedBincount | <= 2.10.0 | Di Jin, Secure Systems Labs, Brown University | |
TFSA-2022-116 | CHECK fail in LRNGrad | <= 2.10.0 | Di Jin, Secure Systems Labs, Brown University | |
TFSA-2022-115 | CHECK fail in ParameterizedTruncatedNormal | <= 2.10.0 | Di Jin, Secure Systems Labs, Brown University | |
TFSA-2022-114 | CHECK fail in Save and SaveSlices | <= 2.10.0 | Di Jin, Secure Systems Labs, Brown University | |
TFSA-2022-113 | Segfault in SparseBincount | <= 2.10.0 | Di Jin, Secure Systems Labs, Brown University | |
TFSA-2022-112 | CHECK fail in QuantizeAndDequantizeV3 | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-111 | CHECK fail in RaggedTensorToVariant | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-110 | CHECK fail in FractionalMaxPoolGrad | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-109 | Segfault in QuantizedRelu and QuantizedRelu6 | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-108 | Segfault in QuantizeDownAndShrinkRange | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-107 | Segfault in QuantizedMatMul | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-106 | CHECK fail in FakeQuantWithMinMaxVarsPerChannel | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-105 | Segfault in QuantizedBiasAdd | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-104 | Segfault in Requantize | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-103 | CHECK fail in FakeQuantWithMinMaxVars | <= 2.10.0 | (multiple authors) | |
TFSA-2022-102 | Segfault in QuantizedInstanceNorm | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-101 | CHECK fail in Conv2DBackpropInput | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-100 | CHECK fail in AvgPoolGrad | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-099 | Segfault in QuantizedAdd | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-098 | Segfault in QuantizedAvgPool | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-097 | Segfault in LowerBound and UpperBound | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-096 | Segfault in BlockLSTMGradV2 | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-095 | CHECK failures in FractionalAvgPoolGrad | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-094 | CHECK failures in AvgPool3DGrad | <= 2.10.0 | Neophytos Christou, Secure Systems Labs, Brown University | |
TFSA-2022-093 | Segfault TFLite converter on per-channel quantized transposed convolutions | <= 2.10.0 | (Reported on GitHub) | issue |
TFSA-2022-092 | CHECK failures in UnbatchGradOp | <= 2.10.0 | (multiple authors) | |
TFSA-2022-091 | CHECK failure in AvgPoolOp | <= 2.10.0 | Jingyi Shi | |
TFSA-2022-090 | Int overflow in RaggedRangeOp | <= 2.10.0 | Jingyi Shi | |
TFSA-2022-089 | OOB write in Scatter_nd op in TF Lite | <= 2.10.0 | Hui Peng from Baidu Security | |
TFSA-2022-088 | CHECK failure in TensorListReserve via missing validation | <= 2.10.0 | Kang Hong Jin from Singapore Management University | |
TFSA-2022-087 | OOB read in Gather_nd op in TF Lite | <= 2.10.0 | Hui Peng from Baidu Security | |
TFSA-2022-086 | CHECK failure in SobolSample via missing validation | <= 2.10.0 | (multiple authors) | |
TFSA-2022-085 | CHECK failure in tf.reshape via overflows | <= 2.10.0 | Kang Hong Jin from Singapore Management University | |
TFSA-2022-084 | Heap buffer overflow due to incorrect hash function | == 2.8.0 | (discovered internally) | |
TFSA-2022-083 | Type confusion leading to CHECK-failure based denial of service | < 2.9.0 | (Reported on GitHub) | issue |
TFSA-2022-082 | Incomplete validation in signal ops leads to crashes | < 2.9.0 | (Reported on GitHub) | issue |
TFSA-2022-081 | Core dump when loading TFLite models with quantization | < 2.9.0 | (Reported on GitHub) | issue |
TFSA-2022-080 | Segfault if tf.histogram_fixed_width is called with NaN values | < 2.9.0 | (Reported on GitHub) | issue |
TFSA-2022-079 | Denial of service in tf.ragged.constant due to lack of validation | < 2.9.0 | (Reported on GitHub) | issue |
TFSA-2022-078 | Missing validation causes denial of service via Conv3DBackpropFilterV2 | < 2.9.0 | (Reported on GitHub) | issue |
TFSA-2022-077 | Segfault and OOB write due to incomplete validation in EditDistance | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-076 | Integer overflow in SpaceToBatchND | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-075 | Missing validation results in undefined behavior in QuantizedConv2D | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-074 | Missing validation results in undefined behavior in SparseTensorDenseAdd | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-073 | Segfault due to missing support for quantized types | < 2.9.0 | Hong Jin, Singapore Management University | |
TFSA-2022-072 | Undefined behavior when users supply invalid resource handles | < 2.9.0 | Hong Jin, Singapore Management University | |
TFSA-2022-071 | CHECK failure in depthwise ops via overflows | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-070 | Missing validation causes denial of service via Conv3DBackpropFilterV2 | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-069 | Missing validation causes denial of service via LSTMBlockCell | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-068 | Missing validation causes denial of service via SparseTensorToCSRSparseMatrix | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-067 | Missing validation causes denial of service via LoadAndRemapMatrix | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-066 | Missing validation causes denial of service via UnsortedSegmentJoin | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-065 | Missing validation causes denial of service via StagePeek | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-064 | Missing validation causes denial of service via GetSessionTensor | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-063 | Missing validation causes denial of service via DeleteSessionTensor | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-062 | Missing validation crashes QuantizeAndDequantizeV4Grad | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University | |
TFSA-2022-061 | Missing validation causes TensorSummaryV2 to crash | < 2.9.0 | Neophytos Christou, Secure Systems Lab, Brown University and Hong Jin, Singapore Management University | |
TFSA-2022-060 | Code injection in saved_model_cli | < 2.9.0 | Andey Robins, Cybersecurity Education and Research Lab, University of Wyoming | |
TFSA-2022-059 | Null pointer dereference in BuildXlaCompilationCache (XLA) | < 2.8.0 | (discovered internally) | |
TFSA-2022-058 | Segfault in simplifyBroadcast (MLIR) | == 2.8.0 | (discovered internally) | |
TFSA-2022-057 | Multiple crashes, heap OOB accesses in TFG dialect (MLIR) | >= 2.7.0, < 2.8.0 | (discovered internally) | |
TFSA-2022-056 | Crash due to erroneous StatusOr | >= 2.7.0, < 2.8.0 | (discovered internally) | |
TFSA-2022-055 | Heap OOB access in RunForwardTypeInference | == 2.8.0 | (discovered internally) | |
TFSA-2022-054 | Stack overflow due to self-recursive function in GraphDef | < 2.8.0 | (discovered internally) | |
TFSA-2022-053 | CHECK failure in constant folding | < 2.8.0 | (discovered internally) | |
TFSA-2022-052 | Null pointer dereference in Grappler's IsConstant | < 2.8.0 | (discovered internally) | |
TFSA-2022-051 | Integer overflow in Grappler cost estimation of crop and resize operation | < 2.8.0 | (discovered internally) | |
TFSA-2022-050 | CHECK-fails due to attempting to build a reference tensor | < 2.8.0 | (discovered internally) | |
TFSA-2022-049 | Multiple CHECK-fails in function.cc | < 2.8.0 | (discovered internally) | |
TFSA-2022-048 | Memory leak in decoding PNG images | < 2.8.0 | (discovered internally) | |
TFSA-2022-047 | Use after free in DecodePng kernel | < 2.8.0 | (discovered internally) | |
TFSA-2022-046 | CHECK-failures in binary ops due to type confusion | < 2.8.0 | (discovered internally) | |
TFSA-2022-045 | CHECK-failures in TensorByteSize | < 2.8.0 | (discovered internally) | |
TFSA-2022-044 | CHECK-failures during Grappler's SafeToRemoveIdentity | < 2.8.0 | (discovered internally) | |
TFSA-2022-043 | CHECK-failures during Grappler's IsSimplifiableReshape | < 2.8.0 | (discovered internally) | |
TFSA-2022-042 | Abort caused by allocating a vector that is too large | < 2.8.0 | (discovered internally) | |
TFSA-2022-041 | Memory leak when a graph node is invalid | < 2.8.0 | (discovered internally) | |
TFSA-2022-040 | Null dereference in GetInitOp | < 2.8.0 | (discovered internally) | |
TFSA-2022-039 | Integer overflow in OpLevelCostEstimator::CalculateOutputSize | < 2.8.0 | (discovered internally) | |
TFSA-2022-038 | Integer overflow in OpLevelCostEstimator::CalculateTensorSize | < 2.8.0 | (discovered internally) | |
TFSA-2022-037 | Uninitialized variable access in AssignOp | < 2.8.0 | (discovered internally) | |
TFSA-2022-036 | Heap OOB read/write in SpecializeType | >= 2.6.0, < 2.8.0 | (discovered internally) | |
TFSA-2022-035 | Crash when type cannot be specialized | >= 2.6.0, < 2.8.0 | (discovered internally) | |
TFSA-2022-034 | Null-dereference when specializing tensor type | >= 2.6.0, < 2.8.0 | (discovered internally) | |
TFSA-2022-033 | CHECK-fail when decoding invalid tensors from proto | < 2.8.0 | (discovered internally) | |
TFSA-2022-032 | Heap OOB write in Grappler | < 2.8.0 | (discovered internally) | |
TFSA-2022-031 | CHECK-fail with repeated AttrDef | < 2.8.0 | (discovered internally) | |
TFSA-2022-030 | CHECK-fail when decoding resource handles from proto | < 2.8.0 | (discovered internally) | |
TFSA-2022-029 | Missing validation causes tf.sparse.split to crash when axis is a tuple | < 2.8.0 | (Reported on GitHub) | issue |
TFSA-2022-028 | Integer overflow in Range resulting in undefined behavior and OOM | < 2.8.0 | (Reported on GitHub) | issue |
TFSA-2022-027 | Insecure temporary file | < 2.8.0 | Srikanth Prathi on huntr.dev, internal variant analysis for more fixes | |
TFSA-2022-026 | Read and Write outside of bounds in TFLite | < 2.8.0 | Wang Xuan of Qihoo 360 AIVul Team | |
TFSA-2022-025 | Dangerous OOB write in TFLite | < 2.8.0 | Wang Xuan of Qihoo 360 AIVul Team | |
TFSA-2022-024 | Integer overflow in TFLite | < 2.8.0 | Wang Xuan of Qihoo 360 AIVul Team | |
TFSA-2022-023 | Integer overflow in TFLite array creation | < 2.8.0 | Wang Xuan of Qihoo 360 AIVul Team | |
TFSA-2022-022 | FPE in depthwise convolutions in TFLite | < 2.8.0 | Wang Xuan of Qihoo 360 AIVul Team | |
TFSA-2022-021 | FPE in BiasAndClamp in TFLite | < 2.8.0 | Wang Xuan of Qihoo 360 AIVul Team | |
TFSA-2022-020 | Heap overflow in SparseCountSparseOutput | < 2.8.0 | Faysal Hossain Shezan from University of Virginia | |
TFSA-2022-019 | Integer overflow leading to crash in SparseCountSparseOutput | < 2.8.0 | Faysal Hossain Shezan from University of Virginia | |
TFSA-2022-018 | Reference binding to null pointer in QuantizedMaxPool | < 2.8.0 | Faysal Hossain Shezan from University of Virginia | |
TFSA-2022-017 | Assertion failure based denial of service via faulty bin count operations | < 2.8.0 | Faysal Hossain Shezan from University of Virginia | |
TFSA-2022-016 | Undefined behavior in SparseTensorSliceDataset | < 2.8.0 | Faysal Hossain Shezan from University of Virginia | |
TFSA-2022-015 | CHECK-fails when building invalid/overflowing tensor shapes | < 2.8.0 | Faysal Hossain Shezan from University of Virginia | |
TFSA-2022-014 | Division by zero in FractionalMaxPool | < 2.8.0 | Faysal Hossain Shezan from University of Virginia | |
TFSA-2022-013 | CHECK-failures in MapStage | < 2.8.0 | Faysal Hossain Shezan from University of Virginia | |
TFSA-2022-012 | Integer overflows in AddManySparseToTensorsMap | < 2.8.0 | Faysal Hossain Shezan from University of Virginia | |
TFSA-2022-011 | Integer overflows in most sparse component-wise ops | < 2.8.0 | Faysal Hossain Shezan from University of Virginia | |
TFSA-2022-010 | More incomplete validation in boosted trees code | < 2.8.0 | Yu Tian of Qihoo 360 AIVul Team, Faysal Hossain Shezan from University of Virginia | |
TFSA-2022-009 | OOM due to integer overflow in StringNGrams | < 2.8.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-2022-008 | OOM in ThreadPoolHandle | < 2.8.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-2022-007 | Type confusion in shape inference for ConcatV2 | < 2.8.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-2022-006 | Overflow and divide by zero in UnravelIndex | < 2.8.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-2022-005 | Heap OOB access in FractionalAvgPoolGrad | < 2.8.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-2022-004 | Integer overflow in shape inference for Dequantize | < 2.8.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-2022-003 | Heap OOB access in Dequantize | < 2.8.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-2022-002 | Heap OOB read in shape inference for ReverseSequence | < 2.8.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-2022-001 | Floating point division by 0 when executing convolution operators | < 2.8.0 | Yu Tian of Qihoo 360 AIVul Team | |
TFSA-2021-200 | Crash in tf.math.segment_* operations | < 2.7.0 | (Reported on GitHub) | issue |
TFSA-2021-199 | Crash in max_pool3d when size argument is 0 or negative | < 2.7.0 | (Reported on GitHub) | issue |
TFSA-2021-198 | Crashes due to overflow and CHECK-fail in ops with large tensor shapes | < 2.7.0 | (Reported on GitHub) | issue, issue, issue |
TFSA-2021-197 | Incomplete validation in tf.summary.create_file_writer | < 2.7.0 | (Reported on GitHub) | issue |
TFSA-2021-196 | Overflow/crash in tf.tile when tiling tensor is large | < 2.7.0 | (Reported on GitHub) | issue |
TFSA-2021-195 | Overflow/crash in tf.image.resize when size is large | < 2.7.0 | (Reported on GitHub) | issue |
TFSA-2021-194 | Overflow/crash in tf.range | < 2.7.0 | (Reported on GitHub) | issue, issue, issue |
TFSA-2021-193 | Missing validation during checkpoint loading | < 2.7.0 | (discovered internally) | |
TFSA-2021-192 | Uninitialized access in EinsumHelper::ParseEquation | < 2.7.0 | (discovered internally) | |
TFSA-2021-191 | Segfault while copying constant resource tensor | < 2.7.0 | (discovered internally) | |
TFSA-2021-190 | Incomplete validation of shapes in multiple TF ops | < 2.7.0 | (discovered internally) | |
TFSA-2021-189 | Incomplete validation in boosted trees code | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-188 | Heap OOB read in tf.raw_ops.SparseCountSparseOutput | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-187 | FPE in convolutions with zero size filters | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-186 | FPE in ParallelConcat | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-185 | Heap OOB read in all tf.raw_ops.QuantizeAndDequantizeV* ops | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-184 | Heap OOB in shape inference for QuantizeV2 | >= 2.6.0, < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-183 | Heap OOB read in tf.ragged.cross | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-182 | Reference binding to nullptr in tf.ragged.cross | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-181 | Null pointer exception in DeserializeSparse | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-180 | Deadlock in mutually recursive tf.function objects | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-179 | Heap buffer overflow in Transpose | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-178 | Undefined behavior via nullptr reference binding in sparse matrix multiplication | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-177 | Use after free / memory leak in CollectiveReduceV2 | >= 2.6.0, < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-176 | Integer division by 0 in tf.raw_ops.AllToAll | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-175 | Null pointer exception when Exit node is not preceded by Enter op | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-174 | Access to invalid memory during shape inference in Cudnn* ops | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-173 | Segfault due to negative splits in SplitV | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-172 | SparseFillEmptyRows heap OOB | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-171 | Heap OOB in SparseBinCount | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-170 | Arbitrary memory read in ImmutableConst | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-169 | Heap OOB in FusedBatchNorm kernels | < 2.7.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-168 | A use of uninitialized value vulnerability in Tensorflow | < 2.7.0 | Qian Feng from Baidu Security Team | |
TFSA-2021-167 | Code injection in saved_model_cli | < 2.7.0 | Omer Kaspi from Vdoo | |
TFSA-2021-166 | Use after free and segfault in shape inference functions | < 2.6.0 | (discovered internally) | |
TFSA-2021-165 | Segfault on strings tensors with mismatched dimensions, due to Go code | >=2.5.0, < 2.6.0 | (Reported on GitHub) | PR |
TFSA-2021-164 | FPE in LSH in TFLite | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-163 | Null pointer dereference in TFLite MLIR optimizations | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-162 | Null pointer dereference in TFLite | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-161 | Heap OOB in TFLite's Gather* implementations | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-160 | Heap OOB in TFLite | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-159 | Infinite loop in TFLite | == 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-158 | FPE in TFLite pooling operations | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-157 | FPE in TFLite division operations | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-156 | Use of uninitialized value in TFLite | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-155 | NPE in TFLite | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-154 | Division by zero in TFLite | < 2.6.0 | Aivul Team from Qihoo 360, Yakun Zhang of Baidu Security | |
TFSA-2021-153 | Heap OOB in nested tf.map_fn with RaggedTensors | < 2.6.0 | Haris Sahovic | |
TFSA-2021-152 | Arbitrary code execution due to YAML deserialization | < 2.6.0 | Arjun Shibu | |
TFSA-2021-151 | Missing validation in shape inference for Dequantize | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-150 | Division by 0 in most convolution operators | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-149 | Reference binding to nullptr in shape inference | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-148 | Incomplete validation in MaxPoolGrad | < 2.6.0 | Yakun Zhang of Baidu Security | |
TFSA-2021-147 | CHECK-fail in MapStage | < 2.6.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-146 | Heap OOB in SdcaOptimizerV2 | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-145 | Reference binding to nullptr in map operations | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-144 | Heap OOB in UpperBound and LowerBound | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-143 | Crash in NMS ops caused by integer conversion to unsigned | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-142 | FPE in tf.raw_ops.UnravelIndex | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-141 | Reference binding to nullptr in unicode encoding | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-140 | Reference binding to nullptr in RaggedTensorToVariant | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-139 | Incomplete validation in MKL requantization | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-138 | Incomplete validation in QuantizeV2 | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-137 | Heap OOB in boosted trees | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-136 | Reference binding to nullptr in boosted trees | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-135 | Crash caused by integer conversion to unsigned | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-134 | Division by 0 in inplace operations | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-133 | Reference binding to nullptr and heap OOB in binary cwise ops | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-132 | Reference binding to nullptr in MatrixSetDiagV* ops | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-131 | Reference binding to nullptr in MatrixDiagV* ops | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-130 | Reference binding to nullptr in RaggedTensorToSparse | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-129 | Heap OOB in ResourceScatterUpdate | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-128 | Heap OOB and CHECK fail in ResourceGather | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-127 | Division by 0 in ResourceGather | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-126 | Use after free in boosted trees creation | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-125 | Heap buffer overflow in FractionalAvgPoolGrad | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-124 | Segfault and heap buffer overflow in {Experimental,}DatasetToTFRecord | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-123 | Null pointer dereference in UncompressElement | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-122 | Incorrect validation of SaveV2 inputs | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-121 | Null pointer dereference in SparseTensorSliceDataset | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-120 | Bad alloc in StringNGrams caused by integer conversion | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-119 | Integer overflow due to conversion to unsigned | >=2.4.0, < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-118 | Null pointer dereference in MatrixDiagPartOp | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-117 | std::abort raised from TensorListReserve | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-116 | Heap OOB in RaggedGather | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-115 | Division by 0 in ResourceScatterDiv | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-114 | Integer division by 0 in sparse reshaping | >=2.5.0, < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-113 | Null pointer dereference and heap OOB read in operations restoring tensors | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-112 | Null pointer dereference in RaggedTensorToTensor | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-111 | Null pointer dereference in CompressElement | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-110 | Floating point exception in SparseDenseCwiseDiv | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-109 | Heap out of bounds access in sparse reduction operations | < 2.6.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-108 | Segfault in tf.raw_ops.ImmutableConst | < 2.5.0 | (discovered internally) | |
TFSA-2021-107 | Segfault in tf.raw_ops.SparseCountSparseOutput | < 2.5.0 | (discovered internally) | |
TFSA-2021-106 | Crash in tf.strings.substr due to CHECK-fail | < 2.5.0 | (Reported on GitHub) | issue report |
TFSA-2021-105 | Crash in tf.transpose with complex inputs | < 2.5.0 | (Reported on GitHub) | issue report |
TFSA-2021-104 | Null dereference in Grappler's TrySimplify | < 2.5.0 | (discovered internally) | |
TFSA-2021-103 | Stack overflow in ParseAttrValue with nested tensors | < 2.5.0 | (discovered internally) | |
TFSA-2021-102 | Interpreter crash from tf.io.decode_raw | < 2.5.0 | (discovered internally) | |
TFSA-2021-101 | Incomplete validation in tf.raw_ops.CTCLoss | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-100 | Heap buffer overflow in BandedTriangularSolve | < 2.5.0 | Ye Zhang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-099 | Invalid validation in QuantizeAndDequantizeV2 | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-098 | Incomplete validation in SparseReshape | >=2.3.0, < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-097 | Incomplete validation in SparseSparseMinimum | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-096 | Incomplete validation in SparseAdd | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-095 | Heap OOB and null pointer dereference in RaggedTensorToTensor | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-094 | Heap OOB read in TFLite | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-093 | Heap OOB write in TFLite | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-092 | Integer overflow in TFLite memory allocation | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-091 | Integer overflow in TFLite concatenation | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-090 | Division by zero in TFLite's implementation of hashtable lookup | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-089 | Division by zero in TFLite's implementation of DepthwiseConv | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-088 | Division by zero in TFLite's implementation of OneHot | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-087 | Division by zero in TFLite's implementation of Split | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-086 | Division by zero in TFLite's implementation of SVDF | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-085 | Division by zero in TFLite's implementation of SpaceToBatchNd | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-084 | Division by zero in TFLite's implementation of BatchToSpaceNd | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-083 | Division by zero in TFLite's implementation of EmbeddingLookup | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-082 | Division by zero in TFLite's convolution code | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-081 | Division by zero in TFLite's implementation of DepthToSpace | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-080 | Stack overflow due to looping TFLite subgraph | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-079 | Null pointer dereference in TFLite's Reshape operator | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-078 | Heap OOB read in TFLite's implementation of Minimum or Maximum | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-077 | Division by zero in TFLite's implementation of TransposeConv | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-076 | Division by zero in TFLite's implementation of GatherNd | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-075 | Division by zero in TFLite's implementation of SpaceToDepth | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-074 | Division by zero in optimized pooling implementations in TFLite | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-073 | Division by zero in padding computation in TFLite | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-072 | Heap buffer overflow and undefined behavior in FusedBatchNorm | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-071 | CHECK-fail due to integer overflow | < 2.5.0 | University of Virginia and University of California, Santa Barbara | |
TFSA-2021-070 | Heap OOB read in tf.raw_ops.Dequantize | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-069 | Segfault in CTCBeamSearchDecoder | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-068 | Heap buffer overflow in MaxPoolGrad | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-067 | Heap buffer overflow in FractionalAvgPoolGrad | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-066 | Undefined behavior and CHECK-fail in FractionalMaxPoolGrad | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-065 | Heap buffer overflow in AvgPool3DGrad | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-064 | Heap buffer overflow in MaxPool3DGradGrad | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-063 | Undefined behavior in MaxPool3DGradGrad | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-062 | Division by 0 in MaxPoolGradWithArgmax | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-061 | Overflow/denial of service in tf.raw_ops.ReverseSequence | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-060 | Reference binding to nullptr in SdcaOptimizer | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-059 | Memory corruption in DrawBoundingBoxesV2 | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-058 | Heap out of bounds read in RequantizationRange | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-057 | Heap out of bounds read in MaxPoolGradWithArgmax | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-056 | Lack of validation in SparseDenseCwiseMul | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-055 | Reference binding to null in ParameterizedTruncatedNormal | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-054 | Heap OOB access in Dilation2DBackpropInput | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-053 | Null pointer dereference in SparseFillEmptyRows | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-052 | Null pointer dereference in EditDistance | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-051 | CHECK-fail in tf.raw_ops.RFFT | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-050 | CHECK-fail in tf.raw_ops.IRFFT | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-049 | CHECK-fail in LoadAndRemapMatrix | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-048 | Heap buffer overflow in RaggedTensorToTensor | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-047 | Heap OOB access in unicode ops | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-046 | Heap buffer overflow in SparseSplit | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-045 | Division by 0 in Reverse | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-044 | Division by 0 in SparseMatMul | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-043 | Division by 0 in FusedBatchNorm | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-042 | Division by 0 in DenseCountSparseOutput | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-041 | CHECK-failure in UnsortedSegmentJoin | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-040 | Heap OOB in QuantizeAndDequantizeV3 | < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-039 | OOB read in MatrixTriangularSolve | < 2.5.0 | Ye Zhang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-038 | Division by 0 in FractionalAvgPool | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-037 | Division by 0 in QuantizedAdd | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-036 | Division by 0 in QuantizedBatchNormWithGlobalNormalization | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-035 | Heap out of bounds in QuantizedBatchNormWithGlobalNormalization | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-034 | Division by 0 in QuantizedBiasAdd | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-033 | Heap buffer overflow in SparseTensorToCSRSparseMatrix | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-032 | CHECK-fail in CTCGreedyDecoder | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-031 | CHECK-fail in QuantizeAndDequantizeV4Grad | >= 2.4.0, < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-030 | Null pointer dereference in StringNGrams | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-029 | Heap buffer overflow StringNGrams | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-028 | Heap buffer overflow Conv2DBackpropFilter | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-027 | Division by zero in Conv2DBackpropFilter | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-026 | Heap buffer overflow in QuantizedReshape | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-025 | Heap buffer overflow in QuantizedResizeBilinear | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-024 | CHECK-fail in SparseConcat | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-023 | Heap buffer overflow in QuantizedMul | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-022 | CHECK-fail in DrawBoundingBoxes | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-021 | Heap out of bounds read in RaggedCross | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-020 | CHECK-fail in tf.raw_ops.EncodePng | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-019 | Heap buffer overflow caused by rounding | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-018 | Invalid validation in SparseMatrixSparseCholesky | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-017 | Division by 0 in QuantizedMul | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-016 | Division by 0 in QuantizedConv2D | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-015 | Division by 0 in Conv2D | < 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-014 | Division by 0 in Conv2DBackpropInput | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-013 | Division by 0 in Conv2DBackpropFilter | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-012 | CHECK-fail in AddManySparseToTensorsMap | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-011 | Division by 0 in Conv3DBackprop* | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-010 | Heap buffer overflow in Conv3DBackprop* | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-009 | Segfault in SparseCountSparseOutput | >= 2.3.0, < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-008 | CHECK-fail in SparseCross due to type confusion | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-007 | Session operations in eager mode lead to null pointer dereferences | >= 2.0.0, < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-006 | Division by zero in Conv3D | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-005 | Null pointer dereference via invalid Ragged Tensors | < 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-004 | Reference binding to null pointer in MatrixDiag* ops | < 2.5.0 | Ye Zhang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-003 | Type confusion during tensor casts lead to dereferencing null pointers | < 2.5.0 | Aivul Team from Qihoo 360; Ye Zhang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-002 | Heap out of bounds write in RaggedBinCount | >= 2.3.0, < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-001 | Heap buffer overflow in RaggedBinCount | >= 2.3.0, < 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-034 | Heap out of bounds access in MakeEdge | >= 1.15.0, <= 2.3.0 | (discovered internally) | |
TFSA-2020-033 | CHECK-fail in LSTM with zero-length input | >= 1.15.0, <= 2.3.0 | (discovered internally) | |
TFSA-2020-032 | Heap out of bounds read in filesystem glob matching | 2.4.0-rc{0,1,2,3} | Aivul Team from Qihoo 360 | |
TFSA-2020-031 | Write to immutable memory region | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-030 | Lack of validation in data format attributes | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-029 | Uninitialized memory access in Eigen types | >= 1.15.0, <= 2.3.0 | (discovered internally) | |
TFSA-2020-028 | Float cast overflow undefined behavior | <= 2.3 | (Reported on GitHub) | issue report |
TFSA-2020-027 | Segfault in tf.quantization.quantize_and_dequantize | <= 2.3 | (Reported on GitHub) | issue report |
TFSA-2020-026 | Segfault in tf.raw_ops.Switch in eager mode | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-025 | Undefined behavior in dlpack.to_dlpack | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-024 | Memory leak in dlpack.to_dlpack | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-023 | Memory corruption in dlpack.to_dlpack | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-022 | Crash due to invalid shape of grad_values in SparseFillEmptyRowsGrad | >= 1.15.0, <= 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-021 | Heap buffer overflow in SparseFillEmptyRowsGrad | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-020 | Heap buffer overflow in weighted sparse count ops | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-019 | Crash due to invalid splits in SparseCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-018 | Heap buffer overflow due to invalid indices in SparseCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-017 | Abort due to invalid splits in RaggedCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-016 | Segfault due to invalid splits in RaggedCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-015 | Heap buffer overflow due to invalid splits in RaggedCountSparseOutput | 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-014 | Integer truncation in Shard API usage | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-013 | Format-string vulnerability in TensorFlow's as_string | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-012 | Segfault by calling session-only ops in eager mode | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-011 | Data leak in tf.raw_ops.StringNGrams | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-010 | Incomplete validation in TensorFlow's SavedModel's constant nodes causes segfaults | >= 1.15.0, <= 2.3.0 | Shuaike Dong, Alipay Tian Qian Security Lab | issue report |
TFSA-2020-009 | Segfault and data corruption caused by negative indexing in TFLite | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-008 | Data corruption due to dimension mismatch in TFLite | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-007 | Null pointer dereference in TFLite | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360, variant analysis | |
TFSA-2020-006 | Segmentation fault and/or data corruption due to invalid TFLite model | >= 1.15.0, <= 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-005 | Out of bounds access in TFLite operators | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-004 | Out of bounds access in TFLite implementation of segment sum | 2.2.0, 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-003 | Denial of service from TFLite implementation of segment sum | 2.2.0, 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-002 | Out of bounds write in TFLite implementation of segment sum | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-001 | Segmentation fault when converting a Python string to tf.float16 | >= 1.12.0, <= 2.1 | (found internally) | |
TFSA-2019-002 | Heap buffer overflow in UnsortedSegmentSum | <= 1.14 | (found internally) | |
TFSA-2019-001 | Null Pointer Dereference Error in Decoding GIF Files | <= 1.12 | Baidu Security Lab | |
TFSA-2018-006 | Crafted Configuration File results in Invalid Memory Access | <= 1.7 | Blade Team of Tencent | |
TFSA-2018-005 | Old Snappy Library Usage Resulting in Memcpy Parameter Overlap | <= 1.7 | Blade Team of Tencent | |
TFSA-2018-004 | Checkpoint Meta File Out-of-Bounds Read | <= 1.7 | Blade Team of Tencent | |
TFSA-2018-003 | TensorFlow Lite TOCO FlatBuffer Parsing Vulnerability | <= 1.7 | Blade Team of Tencent | |
TFSA-2018-002 | GIF File Parsing Null Pointer Dereference Error | <= 1.5 | Blade Team of Tencent | |
TFSA-2018-001 | BMP File Parser Out-of-bounds Read | <= 1.6 | Blade Team of Tencent | |
- | Out Of Bounds Read | <= 1.4 | Blade Team of Tencent | issue report |