TensorFlow has Floating Point Exception in TFLite in conv kernel
CVE-2023-27579
7.5HIGH
What is CVE-2023-27579?
A vulnerability exists in TensorFlow that occurs when constructing a TensorFlow Lite model with the filter_input_channel
parameter set to a value less than 1. This results in a floating point exception (FPE) that may disrupt model execution. The issue has been addressed in version 2.12 of TensorFlow, with a commit also being backported to version 2.11.1 to enhance model stability and security. Users are encouraged to upgrade to the patched versions to mitigate risks.
Affected Version(s)
tensorflow < 2.11.1