Safety vulnerability ID: 57854
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29571: The implementation of 'tf.raw_ops.MaxPoolGradWithArgmax' can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The implementation (https://github.com/tensorflow/tensorflow/blob/31bd5026304677faa8a0b77602c6154171b9aec1/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L116-L130) assumes that the last element of 'boxes' input is 4, as required by the op (https://www.tensorflow.org/api_docs/python/tf/raw_ops/DrawBoundingBoxesV2). Since this is not checked attackers passing values less than 4 can write outside of bounds of heap allocated objects and cause memory corruption. If the last dimension in 'boxes' is less than 4, accesses similar to 'tboxes(b, bb, 3)' will access data outside of bounds. Further during code execution there are also writes to these indices.
Latest version: 2.14.0.600
TensorFlow is an open source machine learning framework for everyone.
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application