From 4e29cc640a131bd16b2ea2cf59c18e2e663cc2e2 Mon Sep 17 00:00:00 2001
From: Mihai Maruseac <mihaimaruseac@google.com>
Date: Thu, 18 Apr 2019 14:31:27 -0700
Subject: [PATCH] Security advisory for null pointer dereference in GIFs

PiperOrigin-RevId: 244259310
---
 tensorflow/security/advisory/tfsa-2019-001.md | 35 +++++++++++++++++++
 tensorflow/security/index.md                  |  1 +
 2 files changed, 36 insertions(+)
 create mode 100644 tensorflow/security/advisory/tfsa-2019-001.md

diff --git a/tensorflow/security/advisory/tfsa-2019-001.md b/tensorflow/security/advisory/tfsa-2019-001.md
new file mode 100644
index 00000000000..65125d60b91
--- /dev/null
+++ b/tensorflow/security/advisory/tfsa-2019-001.md
@@ -0,0 +1,35 @@
+## TFSA-2019-001: Null Pointer Dereference Error in Decoding GIF Files
+
+### CVE Number
+
+CVE-2019-9635
+
+### Issue Description
+
+Certain invalid GIF files can produce a null pointer dereference when reading
+from the color map of a frame if the color map is missing.
+
+### Impact
+
+A maliciously crafted GIF file could cause a denial of service attack for
+TensorFlow by making it crash.
+
+### Vulnerable Versions
+
+TensorFlow 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.5.0,
+1.5.1, 1.6.0, 1.7.0, 1.7.1, 1.8.0, 1.9.0, 1.10.0, 1.10.1, 1.11.0, 1.12.0
+
+### Mitigation
+
+We have patched the vulnerability in GitHub commit
+[e41cb124](https://github.com/tensorflow/tensorflow/commit/e41cb124cd0b325821af85cdacd9d8a12e206418).
+
+If users are loading untrusted configurations in TensorFlow, we encourage users
+to apply the patch to upgrade the version of TensorFlow they are currently using.
+
+Additionally, we have released TensorFlow version 1.12.2 to mitigate this
+vulnerability. Versions 1.13.0 and later were released using the patched commit.
+
+### Credits
+
+This issue was discovered by Yakun Zhang and Zheng Huang of Baidu Security Lab.
diff --git a/tensorflow/security/index.md b/tensorflow/security/index.md
index 0f176151c2c..e28f8ff0f87 100644
--- a/tensorflow/security/index.md
+++ b/tensorflow/security/index.md
@@ -8,6 +8,7 @@ in [SECURITY.md](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.m
 
 | Advisory Number | Type               | Versions affected | Reported by           | Additional Information      |
 |-----------------|--------------------|:-----------------:|-----------------------|-----------------------------|
+| [TFSA-2019-001](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2019-001.md)   | Null Pointer Dereference Error in Decoding GIF Files | <= 1.12 | Baidu Security Lab |  |
 | [TFSA-2018-006](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-006.md)   | Crafted Configuration File results in Invalid Memory Access | <= 1.7 | Blade Team of Tencent |  |
 | [TFSA-2018-005](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-005.md)   | Old Snappy Library Usage Resulting in Memcpy Parameter Overlap | <= 1.7 | Blade Team of Tencent |  |
 | [TFSA-2018-004](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-004.md)   | Checkpoint Meta File Out-of-Bounds Read | <= 1.7 | Blade Team of Tencent |  |