We regularly publish security advisories about using TensorFlow.
Note: In conjunction with these security advisories, we strongly encourage TensorFlow users to read and understand TensorFlow's security model as outlined in SECURITY.md.
Advisory Number | Type | Versions affected | Reported by | Additional Information |
---|---|---|---|---|
TFSA-2021-108 | Segfault in tf.raw_ops.ImmutableConst | <= 2.5.0 | (discovered internally) | |
TFSA-2021-107 | Segfault in tf.raw_ops.SparseCountSparseOutput | <= 2.5.0 | (discovered internally) | |
TFSA-2021-106 | Crash in tf.strings.substr due to CHECK -fail | <= 2.5.0 | (Reported on GitHub) | issue report |
TFSA-2021-105 | Crash in tf.transpose with complex inputs | <= 2.5.0 | (Reported on GitHub) | issue report |
TFSA-2021-104 | Null dereference in Grappler's TrySimplify | <= 2.5.0 | (discovered internally) | |
TFSA-2021-103 | Stack overflow in ParseAttrValue with nested tensors | <= 2.5.0 | (discovered internally) | |
TFSA-2021-102 | Interpreter crash from tf.io.decode_raw | <= 2.5.0 | (discovered internally) | |
TFSA-2021-101 | Incomplete validation in tf.raw_ops.CTCLoss | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-100 | Heap buffer overflow in BandedTriangularSolve | <= 2.5.0 | Ye Zhang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-099 | Invalid validation in QuantizeAndDequantizeV2 | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-098 | Incomplete validation in SparseReshape | >=2.3.0, <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-097 | Incomplete validation in SparseSparseMinimum | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-096 | Incomplete validation in SparseAdd | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-095 | Heap OOB and null pointer dereference in RaggedTensorToTensor | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-094 | Heap OOB read in TFLite | <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-093 | Heap OOB write in TFLite | <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-092 | Integer overflow in TFLite memory allocation | <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-091 | Integer overflow in TFLite concatentation | <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-090 | Division by zero in TFLite's implementation of hashtable lookup | <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-089 | Division by zero in TFLite's implementation of DepthwiseConv | <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-088 | Division by zero in TFLite's implementation of OneHot | <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-087 | Division by zero in TFLite's implementation of Split | <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-086 | Division by zero in TFLite's implementation of SVDF | <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-085 | Division by zero in TFLite's implementation of SpaceToBatchNd | <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-084 | Division by zero in TFLite's implementation of BatchToSpaceNd | <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-083 | Division by zero in TFLite's implementation of EmbeddingLookup | <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-082 | Division by zero in TFLite's convolution code | <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-081 | Division by zero in TFLite's implementation of DepthToSpace | <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-080 | Stack overflow due to looping TFLite subgraph | <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-079 | Null pointer dereference in TFLite's Reshape operator | <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-078 | Heap OOB read in TFLite's implementation of Minimum or Maximum | <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-077 | Division by zero in TFLite's implementation of TransposeConv | <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-076 | Division by zero in TFLite's implementation of GatherNd | <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-075 | Division by zero in TFLite's implementation of SpaceToDepth | <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-074 | Division by zero in optimized pooling implementations in TFLite | <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-073 | Division by zero in padding computation in TFLite | <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-072 | Heap buffer overflow and undefined behavior in FusedBatchNorm | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-071 | CHECK -fail due to integer overflow | <= 2.5.0 | University of Virginia and University of California, Santa Barbara | |
TFSA-2021-070 | Heap OOB read in tf.raw_ops.Dequantize | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-069 | Segfault in CTCBeamSearchDecoder | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-068 | Heap buffer overflow in MaxPoolGrad | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-067 | Heap buffer overflow in FractionalAvgPoolGrad | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-066 | Undefined behavior and CHECK -fail in FractionalMaxPoolGrad | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-065 | Heap buffer overflow in AvgPool3DGrad | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-064 | Heap buffer overflow in MaxPool3DGradGrad | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-063 | Undefined behavior in MaxPool3DGradGrad | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-062 | Division by 0 in MaxPoolGradWithArgmax | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-061 | Overflow/denial of service in tf.raw_ops.ReverseSequence | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-060 | Reference binding to nullptr in SdcaOptimizer | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-059 | Memory corruption in DrawBoundingBoxesV2 | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-058 | Heap out of bounds read in RequantizationRange | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-057 | Heap out of bounds read in MaxPoolGradWithArgmax | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-056 | Lack of validation in SparseDenseCwiseMul | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-055 | Reference binding to null in ParameterizedTruncatedNormal | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-054 | Heap OOB access in Dilation2DBackpropInput | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-053 | Null pointer dereference in SparseFillEmptyRows | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-052 | Null pointer dereference in EditDistance | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-051 | CHECK -fail in tf.raw_ops.RFFT | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-050 | CHECK -fail in tf.raw_ops.IRFFT | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-049 | CHECK -fail in LoadAndRemapMatrix | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-048 | Heap buffer overflow in RaggedTensorToTensor | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-047 | Heap OOB access in unicode ops | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-046 | Heap buffer overflow in SparseSplit | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-045 | Division by 0 in Reverse | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-044 | Division by 0 in SparseMatMul | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-043 | Division by 0 in FusedBatchNorm | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-042 | Division by 0 in DenseCountSparseOutput | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-041 | CHECK -failure in UnsortedSegmentJoin | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-040 | Heap OOB in QuantizeAndDequantizeV3 | <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-039 | OOB read in MatrixTriangularSolve | <= 2.5.0 | Ye Zhang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-038 | Division by 0 in FractionalAvgPool | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-037 | Division by 0 in QuantizedAdd | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-036 | Division by 0 in QuantizedBatchNormWithGlobalNormalization | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-035 | Heap out of bounds in QuantizedBatchNormWithGlobalNormalization | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-034 | Division by 0 in QuantizedBiasAdd | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-033 | Heap buffer overflow in SparseTensorToCSRSparseMatrix | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-032 | CHECK -fail in CTCGreedyDecoder | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-031 | CHECK -fail in QuantizeAndDequantizeV4Grad | >= 2.4.0, <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-030 | Null pointer dereference in StringNGrams | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-029 | Heap buffer overflow StringNGrams | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-028 | Heap buffer overflow Conv2DBackpropFilter | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-027 | Division by zero in Conv2DBackpropFilter | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-026 | Heap buffer overflow in QuantizedReshape | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-025 | Heap buffer overflow in QuantizedResizeBilinear | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-024 | CHECK -fail in SparseConcat | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-023 | Heap buffer overflow in QuantizedMul | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-022 | CHECK -fail in DrawBoundingBoxes | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-021 | Heap out of bounds read in RaggedCross | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-020 | CHECK -fail in tf.raw_ops.EncodePng | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-019 | Heap buffer overflow caused by rounding | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-018 | Invalid validation in SparseMatrixSparseCholesky | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-017 | Division by 0 in QuantizedMul | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-016 | Division by 0 in QuantizedConv2D | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-015 | Division by 0 in Conv2D | <= 2.5.0 | Ying Wang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-014 | Division by 0 in Conv2DBackpropInput | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-013 | Division by 0 in Conv2DBackpropFilter | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-012 | CHECK -fail in AddManySparseToTensorsMap | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-011 | Division by 0 in Conv3DBackprop* | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-010 | Heap buffer overflow in Conv3DBackprop* | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-009 | Segfault in SparseCountSparseOutput | >= 2.3.0, <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-008 | CHECK -fail in SparseCross due to type confusion | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-007 | Session operations in eager mode lead to null pointer dereferences | >= 2.0.0, <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-006 | Division by zero in Conv3D | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-005 | Null pointer dereference via invalid Ragged Tensors | <= 2.5.0 | Yakun Zhang and Ying Wang of Baidu X-Team | |
TFSA-2021-004 | Reference binding to null pointer in MatrixDiag* ops | <= 2.5.0 | Ye Zhang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-003 | Type confusion during tensor casts lead to dereferencing null pointers | <= 2.5.0 | Aivul Team from Qihoo 360; Ye Zhang and Yakun Zhang of Baidu X-Team | |
TFSA-2021-002 | Heap out of bounds write in RaggedBinCount | >= 2.3.0, <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2021-001 | Heap buffer overflow in RaggedBinCount | >= 2.3.0, <= 2.5.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-034 | Heap out of bounds access in MakeEdge | >= 1.15.0, <= 2.3.0 | (discovered internally) | |
TFSA-2020-033 | CHECK-fail in LSTM with zero-length input | >= 1.15.0, <= 2.3.0 | (discovered internally) | |
TFSA-2020-032 | Heap out of bounds read in filesystem glob matching | 2.4.0-rc{0,1,2,3} | Aivul Team from Qihoo 360 | |
TFSA-2020-031 | Write to immutable memory region | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-030 | Lack of validation in data format attributes | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-029 | Uninitialized memory access in Eigen types | >= 1.15.0, <= 2.3.0 | (discovered internally) | |
TFSA-2020-028 | Float cast overflow undefined behavior | <= 2.3 | (Reported on GitHub) | issue report |
TFSA-2020-027 | Segfault in tf.quantization.quantize_and_dequantize | <= 2.3 | (Reported on GitHub) | issue report |
TFSA-2020-026 | Segfault in tf.raw_ops.Switch in eager mode | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-025 | Undefined behavior in dlpack.to_dlpack | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-024 | Memory leak in dlpack.to_dlpack | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-023 | Memory corruption in dlpack.to_dlpack | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-022 | Crash due to invalid shape of grad_values in SparseFillEmptyRowsGrad | >= 1.15.0, <= 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-021 | Heap buffer overflow in SparseFillEmptyRowsGrad | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-020 | Heap buffer overflow in weighted sparse count ops | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-019 | Crash due to invalid splits in SparseCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-018 | Heap buffer overflow due to invalid indices in SparseCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-017 | Abort due to invalid splits in RaggedCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-016 | Segfault due to invalid splits in RaggedCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-015 | Heap buffer overflow due to invalid splits in RaggedCountSparseOutput | 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-014 | Integer truncation in Shard API usage | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-013 | Format-string vulnerability in TensorFlow's as_string | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-012 | Segfault by calling session-only ops in eager mode | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-011 | Data leak in tf.raw_ops.StringNGrams | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-010 | Incomplete validation in TensorFlow's SavedModel's constant nodes causes segfaults | >= 1.15.0, <= 2.3.0 | Shuaike Dong, Alipay Tian Qian Security Lab | issue report |
TFSA-2020-009 | Segfault and data corruption caused by negative indexing in TFLite | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-008 | Data corruption due to dimension mismatch in TFLite | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-007 | Null pointer dereference in TFLite | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360, variant analysis | |
TFSA-2020-006 | Segmentation fault and/or data corruption due to invalid TFLite model | >= 1.15.0, <= 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-005 | Out of bounds access in TFLite operators | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-004 | Out of bounds access in TFLite implementation of segment sum | 2.2.0, 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-003 | Denial of service from TFLite implementation of segment sum | 2.2.0, 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
TFSA-2020-002 | Out of bounds write in TFLite implementation of segment sum | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
TFSA-2020-001 | Segmentation fault when converting a Python string to tf.float16 | >= 1.12.0, <= 2.1 | (found internally) | |
TFSA-2019-002 | Heap buffer overflow in UnsortedSegmentSum | <= 1.14 | (found internally) | |
TFSA-2019-001 | Null Pointer Dereference Error in Decoding GIF Files | <= 1.12 | Baidu Security Lab | |
TFSA-2018-006 | Crafted Configuration File results in Invalid Memory Access | <= 1.7 | Blade Team of Tencent | |
TFSA-2018-005 | Old Snappy Library Usage Resulting in Memcpy Parameter Overlap | <= 1.7 | Blade Team of Tencent | |
TFSA-2018-004 | Checkpoint Meta File Out-of-Bounds Read | <= 1.7 | Blade Team of Tencent | |
TFSA-2018-003 | TensorFlow Lite TOCO FlatBuffer Parsing Vulnerability | <= 1.7 | Blade Team of Tencent | |
TFSA-2018-002 | GIF File Parsing Null Pointer Dereference Error | <= 1.5 | Blade Team of Tencent | |
TFSA-2018-001 | BMP File Parser Out-of-bounds Read | <= 1.6 | Blade Team of Tencent | |
- | Out Of Bounds Read | <= 1.4 | Blade Team of Tencent | issue report |