pkg:Bitnami/tensorflow

All known vulnerabilities

• CRITICAL9.8CVE-2023-25668TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation
  from 0, < 2.12.0
• CRITICAL9.3CVE-2021-41208Incomplete validation in boosted trees code
  >= 2.4.0, < 2.4.4, >= 2.5.0, < 2.5.2, >= 2.6.0, < 2.6.1
• CRITICAL9.3CVE-2021-37678Arbitrary code execution due to YAML deserialization
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• CRITICAL9.1TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extr…
  from 0, < 2.5.1
• CRITICAL9.1OOB read in `Gather_nd` op in TensorFlow Lite Micro
  >= 2.7.0, < 2.7.2, >= 2.8.0, < 2.8.1, >= 2.9.0, < 2.9.1
• CRITICAL9.1TensorFlow vulnerable to heap out of bounds read in filesystem glob matching
  >= 2.4.0-rc0, < 2.4.0, >= 2.4.0-rc1, < 2.4.0, >= 2.4.0-rc2, < 2.4.0, >= 2.4.0-rc3, < 2.4.0, >= 2.4.0-rc4, < 2.4.0
• CRITICAL9.0Denial of Service in Tensorflow
  from 0, < 1.15.4, >= 2.0.0, < 2.0.3, >= 2.1.0, < 2.1.2, >= 2.2.0, < 2.2.1, >= 2.3.0, < 2.3.1
• CRITICAL9.0Data leak in Tensorflow
  from 0, < 1.15.4, >= 2.0.0, < 2.0.3, >= 2.1.0, < 2.1.2, >= 2.2.0, < 2.2.1, >= 2.3.0, < 2.3.1
• CRITICAL9.0Integer truncation in Shard API usage
  from 0, < 1.15.4, >= 2.0.0, < 2.0.3, >= 2.1.0, < 2.1.2, >= 2.2.0, < 2.2.1, >= 2.3.0, < 2.3.1
• HIGH8.8Out of bounds write in Tensorflow
  from 0, < 2.5.3, >= 2.6.0, < 2.6.3, >= 2.7.0, < 2.7.1
• HIGH8.8Out of bounds write in TFLite
  from 0, < 2.5.3, >= 2.6.0, < 2.6.3, >= 2.7.0, < 2.7.1
• HIGH8.8Read and Write outside of bounds in TensorFlow
  from 0, < 2.5.3, >= 2.6.0, < 2.6.3, >= 2.7.0, < 2.7.1
• HIGH8.8Integer overflow in TFLite
  from 0, < 2.5.3, >= 2.6.0, < 2.6.3, >= 2.7.0, < 2.7.1
• HIGH8.8Out of bounds read in Tensorflow
  >= 2.7.0, < 2.7.1
• HIGH8.8Integer overflow in TensorFlow
  from 0, < 2.5.3, >= 2.6.0, < 2.6.3, >= 2.7.0, < 2.7.1
• HIGH8.8Out of bounds read and write in Tensorflow
  from 0, < 2.5.3, >= 2.6.0, < 2.6.3, >= 2.7.0, < 2.7.1
• HIGH8.7Segfault and data corruption in tensorflow-lite
  from 0, < 1.15.4, >= 2.0.0, < 2.0.3, >= 2.1.0, < 2.1.2, >= 2.2.0, < 2.2.1, >= 2.3.0, < 2.3.1
• HIGH8.5Heap buffer overflow in Tensorflow
  from 0, < 1.15.4, >= 2.0.0, < 2.0.3, >= 2.1.0, < 2.1.2, >= 2.2.0, < 2.2.1, >= 2.3.0, < 2.3.1
• HIGH8.5Heap buffer overflow in Tensorflow
  >= 2.3.0, < 2.3.1
• HIGH8.4Null pointer dereference and heap OOB read in operations restoring tensors
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• HIGH8.1Out of bounds read in Tensorflow
  >= 2.7.0, < 2.8.0
• HIGH8.1Out of bounds read in Tensorflow
  from 0, < 2.5.3, >= 2.6.0, < 2.6.3, >= 2.7.0, < 2.7.1
• HIGH8.1Out of bounds read in Tensorflow
  from 0, < 2.5.3, >= 2.6.0, < 2.6.3, >= 2.7.0, < 2.7.1
• HIGH8.1Out of bounds read in Tensorflow
  from 0, < 2.5.3, >= 2.6.0, < 2.6.3, >= 2.7.0, < 2.7.1
• HIGH8.1Out of bounds access in tensorflow-lite
  >= 2.2.0, < 2.2.1, >= 2.3.0, < 2.3.1
• HIGH8.1Out of bounds write in tensorflow-lite
  >= 2.2.0, < 2.2.1, >= 2.3.0, < 2.3.1
• HIGH8.0TensorFlow has double free in Fractional(Max/Avg)Pool
  from 0, < 2.12.0
• HIGH7.8Code injection in `saved_model_cli` in TensorFlow
  from 0, < 2.6.4, >= 2.7.0, < 2.7.2, >= 2.8.0, < 2.8.1
• HIGH7.8Unitialized access in `EinsumHelper::ParseEquation`
  from 0, < 2.4.4, >= 2.5.0, < 2.5.2, >= 2.6.0, < 2.6.1
• HIGH7.8Missing validation during checkpoint loading
  from 0, < 2.4.4, >= 2.5.0, < 2.5.2, >= 2.6.0, < 2.6.1
• HIGH7.8Reference binding to `nullptr` in `tf.ragged.cross`
  from 0, < 2.4.4, >= 2.5.0, < 2.5.2, >= 2.6.0, < 2.6.1
• HIGH7.8Undefined behavior via `nullptr` reference binding in sparse matrix multiplication
  from 0, < 2.4.4, >= 2.5.0, < 2.5.2, >= 2.6.0, < 2.6.1
• HIGH7.8Use after free / memory leak in `CollectiveReduceV2`
  >= 2.6.0, < 2.6.1
• HIGH7.8Access to invalid memory during shape inference in `Cudnn*` ops
  >= 2.4.0, < 2.4.4, >= 2.5.0, < 2.5.2, >= 2.6.0, < 2.6.1
• HIGH7.8Incorrect validation of `SaveV2` inputs
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• HIGH7.8Segfault and heap buffer overflow in `{Experimental,}DatasetToTFRecord`
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• HIGH7.8Use after free in boosted trees creation
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• HIGH7.8Incomplete validation in `QuantizeV2`
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• HIGH7.8Incomplete validation in MKL requantization
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• HIGH7.8Reference binding to nullptr in `RaggedTensorToVariant`
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• HIGH7.8Reference binding to nullptr in unicode encoding
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• HIGH7.8Reference binding to nullptr in map operations
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• HIGH7.8Reference binding to nullptr in shape inference
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• HIGH7.8NPE in TFLite
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• HIGH7.8Null pointer dereference in TFLite
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• HIGH7.8Null pointer dereference in TFLite MLIR optimizations
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• HIGH7.7Null pointer dereference in `CompressElement`
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• HIGH7.7Null pointer dereference in `RaggedTensorToTensor`
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• HIGH7.7Null pointer dereference in `MatrixDiagPartOp`
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• HIGH7.7Null pointer dereference in `SparseTensorSliceDataset`
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• HIGH7.7Null pointer dereference in `UncompressElement`
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• HIGH7.6Use after free in `DecodePng` kernel
  from 0, < 2.5.3, >= 2.6.0, < 2.6.3, >= 2.7.0, < 2.7.1
• HIGH7.6Integer overflow in Tensorflow
  from 0, < 2.5.3, >= 2.6.0, < 2.6.3, >= 2.7.0, < 2.7.1
• HIGH7.6Integer overflow in TFLite array creation
  from 0, < 2.5.3, >= 2.6.0, < 2.6.3, >= 2.7.0, < 2.7.1
• HIGH7.6Heap overflow in Tensorflow
  from 0, < 2.5.3, >= 2.6.0, < 2.6.3, >= 2.7.0, < 2.7.1
• HIGH7.6Undefined behavior in `SparseTensorSliceDataset`
  from 0, < 2.5.3, >= 2.6.0, < 2.6.3, >= 2.7.0, < 2.7.1
• HIGH7.6Uninitialized variable access in Tensorflow
  from 0, < 2.5.3, >= 2.6.0, < 2.6.3, >= 2.7.0, < 2.7.1
• HIGH7.6Integer overflow in Tensorflow
  from 0, < 2.5.3, >= 2.6.0, < 2.6.3, >= 2.7.0, < 2.7.1
• HIGH7.5An issue was discovered TensorFlow v2.18.0.
  >= 2.18.0, < 2.18.1
• HIGH7.5TensorFlow has segfault in array_ops.upper_bound
  from 0, < 2.12.1
• HIGH7.5TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch
  from 0, < 2.12.0
• HIGH7.5TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`
  from 0, < 2.12.0
• HIGH7.5TensorFlow vulnerable to integer overflow in EditDistance
  from 0, < 2.12.0
• HIGH7.5TensorFlow has Null Pointer Error in TensorArrayConcatV2
  from 0, < 2.12.0
• HIGH7.5TensorFlow has Heap-buffer-overflow in AvgPoolGrad
  from 0, < 2.12.0
• HIGH7.5TensorFlow has Null Pointer Error in SparseSparseMaximum
  from 0, < 2.12.0
• HIGH7.5TensorFlow has Floating Point Exception in AudioSpectrogram
  from 0, < 2.12.0
• HIGH7.5TensorFlow has Floating Point Exception in AvgPoolGrad with XLA
  from 0, < 2.12.0
• HIGH7.5TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize
  from 0, < 2.12.0
• HIGH7.5TensorFlow has segmentation fault in tfg-translate
  from 0, < 2.12.0
• HIGH7.5TensorFlow has Null Pointer Error in LookupTableImportV2
  from 0, < 2.12.0
• HIGH7.5TensorFlow has Floating Point Exception in TensorListSplit with XLA
  from 0, < 2.12.0
• HIGH7.5TensorFlow has Null Pointer Error in RandomShuffle with XLA enable
  from 0, < 2.12.0
• HIGH7.5TensorFlow has Segfault in Bincount with XLA
  from 0, < 2.12.0
• HIGH7.5TensorFlow has null dereference on ParallelConcat with XLA
  from 0, < 2.12.0
• HIGH7.5TensorFlow has Floating Point Exception in TFLite in conv kernel
  from 0, < 2.12.0
• HIGH7.5TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad
  from 0, < 2.12.0
• HIGH7.5TensorFlow vulnerable to `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs`
  from 0, < 2.7.2, >= 2.8.0, < 2.8.1, >= 2.9.0, < 2.9.1
• HIGH7.5TensorFlow vulnerable to integer overflow in math ops
  from 0, < 2.7.2, >= 2.8.0, < 2.8.1, >= 2.9.0, < 2.9.1
• HIGH7.5Stack overflow in TensorFlow
  from 0, < 2.5.3, >= 2.6.0, < 2.6.3, >= 2.7.0, < 2.7.1
• HIGH7.5Code injection in `saved_model_cli`
  >= 2.4.0, < 2.4.4, >= 2.5.0, < 2.5.2, >= 2.6.0, < 2.6.1
• HIGH7.5Denial of Service in Tensorflow
  from 0, < 1.15.4, >= 2.0.0, < 2.0.3, >= 2.1.0, < 2.1.2, >= 2.2.0, < 2.2.1, >= 2.3.0, < 2.3.1
• HIGH7.4Data corruption in tensorflow-lite
  from 0, < 1.15.4, >= 2.0.0, < 2.0.3, >= 2.1.0, < 2.1.2, >= 2.2.0, < 2.2.1, >= 2.3.0, < 2.3.1
• HIGH7.3Heap out of bounds access in sparse reduction operations
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• HIGH7.3Heap OOB and CHECK fail in `ResourceGather`
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• HIGH7.3Heap OOB in `ResourceScatterUpdate`
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• HIGH7.3Reference binding to nullptr and heap OOB in binary cwise ops
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• HIGH7.3Heap OOB in boosted trees
  >= 2.3.0, < 2.3.4, >= 2.4.0, < 2.4.3, >= 2.5.0, < 2.5.1
• HIGH7.3Stack overflow due to looping TFLite subgraph
  from 0, < 2.1.4, >= 2.2.0, < 2.2.3, >= 2.3.0, < 2.3.3, >= 2.4.0, < 2.4.2
• HIGH7.1Out of bounds write in grappler in Tensorflow
  from 0, < 2.8.4, >= 2.9.0, < 2.9.3, >= 2.10.0, < 2.10.1
• HIGH7.1FractionalMaxPool and FractionalAVGPool heap out-of-bounds acess
  from 0, < 2.8.4, >= 2.9.0, < 2.9.3, >= 2.10.0, < 2.10.1
• HIGH7.1Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite
  from 0, < 2.8.4, >= 2.9.0, < 2.9.3, >= 2.10.0, < 2.10.1
• HIGH7.1Segfault and OOB write due to incomplete validation in `EditDistance` in TensorFlow
  from 0, < 2.6.4, >= 2.7.0, < 2.7.2, >= 2.8.0, < 2.8.1
• HIGH7.1Insecure temporary file in Tensorflow
  from 0, < 2.5.3, >= 2.6.0, < 2.6.3, >= 2.7.0, < 2.7.1
• HIGH7.1Heap OOB read in all `tf.raw_ops.QuantizeAndDequantizeV*` ops
  from 0, < 2.4.4, >= 2.5.0, < 2.5.2, >= 2.6.0, < 2.6.1
• HIGH7.1Heap OOB read in `tf.raw_ops.SparseCountSparseOutput`
  from 0, < 2.4.4, >= 2.5.0, < 2.5.2, >= 2.6.0, < 2.6.1
• HIGH7.1Heap OOB in shape inference for `QuantizeV2`
  >= 2.6.0, < 2.6.1
• HIGH7.1Heap OOB read in `tf.ragged.cross`
  from 0, < 2.4.4, >= 2.5.0, < 2.5.2, >= 2.6.0, < 2.6.1
• HIGH7.1Heap OOB in `FusedBatchNorm` kernels
  from 0, < 2.4.4, >= 2.5.0, < 2.5.2, >= 2.6.0, < 2.6.1
• HIGH7.1`SparseFillEmptyRows` heap OOB
  from 0, < 2.4.4, >= 2.5.0, < 2.5.2, >= 2.6.0, < 2.6.1