Safety vulnerability ID: 40795
The information on this page was manually curated by our Cybersecurity Intelligence Team.
TensorFlow 2.4.0 includes a fix for CVE-2020-15266: In Tensorflow before version 2.4.0, when the 'boxes' argument of 'tf.image.crop_and_resize' has a very large value, the CPU kernel implementation receives it as a C++ 'nan' floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault.
https://github.com/tensorflow/tensorflow/issues/42129
https://github.com/tensorflow/tensorflow/pull/42143/commits/3ade2efec2e90c6237de32a19680caaa3ebc2845
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xwhf-g6j5-j5gc
Latest version: 2.18.0
TensorFlow is an open source machine learning framework for everyone.
In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved. See CVE-2020-15266.
CONFIRM:https://github.com/tensorflow/tensorflow/issues/42129: https://github.com/tensorflow/tensorflow/issues/42129
CONFIRM:https://github.com/tensorflow/tensorflow/pull/42143/commits/3ade2efec2e90c6237de32a19680caaa3ebc2845: https://github.com/tensorflow/tensorflow/pull/42143/commits/3ade2efec2e90c6237de32a19680caaa3ebc2845
CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xwhf-g6j5-j5gc: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xwhf-g6j5-j5gc
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application