Safety vulnerability ID: 51105
The information on this page was manually curated by our Cybersecurity Intelligence Team.
TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36027: Segfault TFLite converter on per-channel quantized transposed convolutions.
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr
Latest version: 2.17.0
TensorFlow is an open source machine learning framework for everyone.
TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. See CVE-2022-36027.
CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr
MISC:https://github.com/tensorflow/tensorflow/commit/aa0b852a4588cea4d36b74feb05d93055540b450: https://github.com/tensorflow/tensorflow/commit/aa0b852a4588cea4d36b74feb05d93055540b450
MISC:https://github.com/tensorflow/tensorflow/issues/53767: https://github.com/tensorflow/tensorflow/issues/53767
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application