CVE-2020-15266 log

Severity Low
Remote No
Type Denial of service
In Tensorflow before version 2.4.0, when the boxes argument of tf.image.crop_and_resize has a very large value, the CPU kernel implementation receives it as a C++ nan floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault.
Group Package Affected Fixed Severity Status Ticket
AVG-1350 tensorflow 2.3.1-7 2.4.0rc4-1 Medium Fixed