Core dump when loading TFLite models with quantization in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Thus, since code was calling `QuantizeMultiplierSmallerThanOneExp`, the `TFLITE_CHECK_LT` assertion would trigger and abort the process. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

输入验证不恰当

Google TensorFlow输入验证错误漏洞

Google TensorFlow是美国谷歌（Google）公司的一套用于机器学习的端到端开源平台。 Google TensorFlow 2.9.0之前版本、2.8.1之前版本、2.7.2之前版本和2.6.4之前版本存在输入验证错误漏洞，该漏洞源于应用在使用 TFLite 模型转换器创建的某些 TFLite 模型在加载到 TFLite 解释器时会发生崩溃。

N/A

N/A