Safety vulnerability ID: 58226
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Tensorflow-rocm-enhanced versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15207: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses 'ResolveAxis' to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the 'DCHECK' does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption.
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q4qf-3fc6-8x34
Latest version: 2.4.3
TensorFlow is an open source machine learning framework for everyone.
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application