Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embedding_size
and lookup_size
are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write. Users are advised to upgrade to a patched version.
{ "cpes": [ "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "cpe:2.3:a:google:tensorflow:2.7.0:*:*:*:*:*:*:*" ], "severity": "High" }