Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Use after free in `DecodePng` in Tensorflow
Vulnerability Description
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Vulnerability Type
释放后使用
Vulnerability Title
Google TensorFlow 资源管理错误漏洞
Vulnerability Description
Google TensorFlow是美国谷歌(Google)公司的一套用于机器学习的端到端开源平台。 Tensorflow 存在资源管理错误漏洞,修复将包含在TensorFlow 2.8.0中。我们也会在TensorFlow 2.7.1、TensorFlow 2.6.3和TensorFlow 2.5.3上选择这个提交,因为这些也会受到影响,并且仍然在支持范围内。
CVSS Information
N/A
Vulnerability Type
N/A