CVE-2022-41896
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-41896
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41896.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-41896
- Aliases
- Published
- 2022-11-18T00:00:00Z
- Modified
- 2025-11-04T20:11:19.306269Z
- Severity
-
- 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- `tf.raw_ops.Mfcc` crashes in Tensorflow
- Details
-
TensorFlow is an open source platform for machine learning. If
ThreadUnsafeUnigramCandidateSampleris given inputfilterbank_channel_countgreater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. - Database specific
{ "cwe_ids": [ "CWE-20" ] }- References
Affected packages
Git / github.com/tensorflow/tensorflow
Affected ranges
Affected versions
0.*
0.12.0-rc0
0.12.0-rc1
0.12.1
0.5.0
0.6.0
v0.*
v0.10.0
v0.10.0rc0
v0.11.0
v0.11.0rc0
v0.11.0rc1
v0.11.0rc2
v0.12.0
v0.7.0
v0.7.1
v0.8.0rc0
v0.9.0
v0.9.0rc0
v1.*
v1.0.0
v1.0.0-alpha
v1.0.0-rc0
v1.0.0-rc1
v1.0.0-rc2
v1.1.0
v1.1.0-rc0
v1.1.0-rc1
v1.1.0-rc2
v1.12.0
v1.12.0-rc0
v1.12.0-rc1
v1.12.0-rc2
v1.12.1
v1.2.0
v1.2.0-rc0
v1.2.0-rc1
v1.2.0-rc2
v1.3.0-rc0
v1.3.0-rc1
v1.5.0
v1.5.0-rc0
v1.5.0-rc1
v1.6.0
v1.6.0-rc0
v1.6.0-rc1
v1.7.0
v1.7.0-rc0
v1.7.0-rc1
v1.8.0
v1.8.0-rc0
v1.8.0-rc1
v1.9.0
v1.9.0-rc0
v1.9.0-rc1
v1.9.0-rc2
v2.*
v2.10.0
v2.8.0
v2.8.0-rc0
v2.8.0-rc1
v2.8.1
v2.8.2
v2.8.3
v2.9.0
v2.9.1
v2.9.2