Out-of-bounds read in TensorFlow possibly causing disclosure of the contents of process memory. · CVE-2018-21233 · GitHub Advisory Database · GitHub

Out-of-bounds read in TensorFlow possibly causing disclosure of the contents of process memory.

Moderate severity GitHub Reviewed Published May 13, 2020 to the GitHub Advisory Database • Updated Aug 28, 2024

Package

tensorflow (pip)

Affected versions

< 1.7.0

Patched versions

1.7.0

tensorflow-gpu (pip)

< 1.7.0

1.7.0

Description

TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc.

References

Reviewed May 13, 2020

Published to the GitHub Advisory Database May 13, 2020

Last updated Aug 28, 2024