TensorFlow vulnerable to segfault when opening multiframe gif
CVE-2023-25667
6.5 MEDIUM
What is CVE-2023-25667?
An integer overflow vulnerability in TensorFlow, an open-source machine learning platform, can occur when frame dimensions are calculated while a multiframe GIF is processed. The overflow arises when the total number of frames multiplied by the height, width, and channels exceeds the limit of 32-bit integers. This could lead to further security issues and performance concerns in applications relying on TensorFlow. Users are advised to upgrade to TensorFlow version 2.12.0 or 2.11.1, where this issue has been addressed.
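The size calculation described above, as an added example that is not TensorFlow's code or its actual fix: a 32-bit product that wraps silently, next to a 64-bit calculation that checks each multiplication against a limit. The function names, the sample dimensions and the choice to reject zero or negative dimensions are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unsafe pattern: the product is carried in 32 bits and silently wraps.
   Unsigned arithmetic is used so the wrap is well defined in C. */
static uint32_t total_size_32(uint32_t frames, uint32_t height,
                              uint32_t width, uint32_t channels) {
    return frames * height * width * channels;
}

/* Checked pattern: multiply step by step in 64 bits and reject any set of
   dimensions whose product would exceed `limit`. Returns false on reject. */
static bool total_size_checked(int64_t frames, int64_t height, int64_t width,
                               int64_t channels, int64_t limit, int64_t *out) {
    const int64_t dims[4] = {frames, height, width, channels};
    int64_t total = 1;
    for (size_t i = 0; i < 4; i++) {
        if (dims[i] <= 0) return false;            /* assumption: must be positive */
        if (total > limit / dims[i]) return false; /* next product would exceed limit */
        total *= dims[i];
    }
    *out = total;
    return true;
}

int main(void) {
    /* Constructed dimensions: 600 frames of 2000x2000 pixels, 3 channels.
       The true product is 7,200,000,000, which does not fit in 32 bits. */
    int64_t total = 0;
    printf("32-bit result: %u\n", (unsigned)total_size_32(600, 2000, 2000, 3));
    if (!total_size_checked(600, 2000, 2000, 3, INT32_MAX, &total))
        puts("rejected: total size exceeds the 32-bit limit");
    if (total_size_checked(10, 64, 64, 3, INT32_MAX, &total))
        printf("accepted: %lld elements\n", (long long)total);
    return 0;
}
```

The wrapped 32-bit value is smaller than the real element count, so a buffer sized from it would not match the data that decoding produces; the checked version refuses the input before any allocation is made.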
Affected Version(s)
tensorflow < 2.11.1
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged