We regularly publish security advisories about using TensorFlow.
Note: In conjunction with these security advisories, we strongly encourage TensorFlow users to read and understand TensorFlow's security model as outlined in SECURITY.md.
| Advisory Number | Type | Versions affected | Reported by | Additional Information |
|---|---|---|---|---|
| TFSA-2020-026 | Segfault in tf.raw_ops.Switch in eager mode | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-025 | Undefined behavior in dlpack.to_dlpack | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-024 | Memory leak in dlpack.to_dlpack | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-023 | Memory corruption in dlpack.to_dlpack | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-022 | Crash due to invalid shape of grad_values in SparseFillEmptyRowsGrad | >= 1.15.0, <= 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
| TFSA-2020-021 | Heap buffer overflow in SparseFillEmptyRowsGrad | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-020 | Heap buffer overflow in weighted sparse count ops | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
| TFSA-2020-019 | Crash due to invalid splits in SparseCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
| TFSA-2020-018 | Heap buffer overflow due to invalid indices in SparseCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
| TFSA-2020-017 | Abort due to invalid splits in RaggedCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
| TFSA-2020-016 | Segfault due to invalid splits in RaggedCountSparseOutput | 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
| TFSA-2020-015 | Heap buffer overflow due to invalid splits in RaggedCountSparseOutput | 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-014 | Integer truncation in Shard API usage | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-013 | Format-string vulnerability in TensorFlow's as_string | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-012 | Segfault by calling session-only ops in eager mode | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-011 | Data leak in tf.raw_ops.StringNGrams | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-010 | Incomplete validation in TensorFlow‘s SavedModel’s constant nodes causes segfaults | >= 1.15.0, <= 2.3.0 | Shuaike Dong, Alipay Tian Qian Security Lab | issue report |
| TFSA-2020-009 | Segfault and data corruption caused by negative indexing in TFLite | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-008 | Data corruption due to dimension mismatch in TFLite | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-007 | Null pointer dereference in TFLite | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360, variant analysis | |
| TFSA-2020-006 | Segmentation fault and/or data corruption due to invalid TFLite model | >= 1.15.0, <= 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
| TFSA-2020-005 | Out of bounds access in TFLite operators | >= 1.15.0, <= 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-004 | Out of bounds access in TFLite implementation of segment sum | 2.2.0, 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
| TFSA-2020-003 | Denial of service from TFLite implementation of segment sum | 2.2.0, 2.3.0 | (variant analysis, Aivul Team from Qihoo 360) | |
| TFSA-2020-002 | Out of bounds write in TFLite implementation of segment sum | 2.2.0, 2.3.0 | Aivul Team from Qihoo 360 | |
| TFSA-2020-001 | Segmentation fault when converting a Python string to tf.float16 | >= 1.12.0, <= 2.1 | (found internally) | |
| TFSA-2019-002 | Heap buffer overflow in UnsortedSegmentSum | <= 1.14 | (found internally) | |
| TFSA-2019-001 | Null Pointer Dereference Error in Decoding GIF Files | <= 1.12 | Baidu Security Lab | |
| TFSA-2018-006 | Crafted Configuration File results in Invalid Memory Access | <= 1.7 | Blade Team of Tencent | |
| TFSA-2018-005 | Old Snappy Library Usage Resulting in Memcpy Parameter Overlap | <= 1.7 | Blade Team of Tencent | |
| TFSA-2018-004 | Checkpoint Meta File Out-of-Bounds Read | <= 1.7 | Blade Team of Tencent | |
| TFSA-2018-003 | TensorFlow Lite TOCO FlatBuffer Parsing Vulnerability | <= 1.7 | Blade Team of Tencent | |
| TFSA-2018-002 | GIF File Parsing Null Pointer Dereference Error | <= 1.5 | Blade Team of Tencent | |
| TFSA-2018-001 | BMP File Parser Out-of-bounds Read | <= 1.6 | Blade Team of Tencent | |
| - | Out Of Bounds Read | <= 1.4 | Blade Team of Tencent | issue report |