CVE-2023-25667

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-25667

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25667.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-25667

Aliases

Downstream

AZL-31198

AZL-35312

Published

2023-03-24T23:40:20.893Z

Modified

2026-04-10T04:56:04.928187Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

TensorFlow vulnerable to segfault when opening multiframe gif

Details

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when 2^31 <= num_frames * height * width * channels < 2^32, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-190"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/25xxx/CVE-2023-25667.json"
}

References

Affected packages

Git / github.com/tensorflow/tensorflow

Affected ranges

Type: GIT
Repo: https://github.com/tensorflow/tensorflow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a3e2c692c18649329c4210cf8df2487d2028e267

Affected versions

0.*

0.5.0

0.6.0

v1.*

v1.1.0-rc1

v1.1.0-rc2

v1.12.1

v1.6.0-rc1

v1.9.0-rc2

v2.*

v2.11.0

v2.11.0-rc0

v2.11.0-rc1

v2.11.0-rc2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25667.json"