CVE-2021-29585 log
| Source |
|
| Severity | Low |
| Remote | No |
| Type | Insufficient validation |
| Description | A security issue has been found in TensorFlow before version 2.4.2. The TFLite computation for size of output after padding, `ComputeOutSize`(https://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.h#L43-L55), does not check that the `stride` argument is not 0 before doing the division. Users can craft special models such that `ComputeOutSize` is called with `stride` set to 0. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1962 | tensorflow | 2.4.1-10 | 2.5.0-1 | Critical | Fixed |
| References |
|---|
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv78-g7wq-mhp4 https://github.com/tensorflow/tensorflow/commit/49847ae69a4e1a97ae7f2db5e217c77721e37948 |