TFSA-2018-002: GIF File Parsing Null Pointer Dereference Error
CVE Number
CVE-2018-7576
Issue Description
When parsing certain invalid GIF files, an internal function in the GIF decoder returned a null pointer, which was subsequently used as an argument to strcat.
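The pattern described above, reduced to a minimal C sketch next to a hardened form. This is an added example, not TensorFlow's or the GIF decoder's code; `decoder_error_string`, `build_error_unsafe`, `build_error_safe` and the error codes are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a decoder's error lookup: returns NULL for
 * codes it does not know, which is the condition the advisory describes. */
static const char *decoder_error_string(int code) {
    switch (code) {
    case 1: return "failed to open file";
    case 2: return "not a GIF file";
    default: return NULL;  /* unknown code: no message available */
    }
}

/* Vulnerable pattern: the lookup result goes straight into strcat.
 * With an unknown code, strcat dereferences NULL and the process crashes.
 * buf must hold at least 64 bytes. Shown for comparison; never called here. */
void build_error_unsafe(char *buf, int code) {
    strcpy(buf, "GIF decode error: ");
    strcat(buf, decoder_error_string(code));
}

/* Hardened pattern: check the lookup result, fall back to a message that
 * records the raw code, and bound the write. Returns 0 on success, -1 if
 * the message did not fit in cap bytes. */
int build_error_safe(char *buf, size_t cap, int code) {
    const char *msg = decoder_error_string(code);
    int n;
    if (msg != NULL)
        n = snprintf(buf, cap, "GIF decode error: %s", msg);
    else
        n = snprintf(buf, cap, "GIF decode error: unknown code %d", code);
    return (n >= 0 && (size_t)n < cap) ? 0 : -1;
}

int main(void) {
    char buf[64];
    int codes[] = {2, 999};  /* constructed: one known, one unknown code */
    for (int i = 0; i < 2; i++) {
        if (build_error_safe(buf, sizeof buf, codes[i]) == 0)
            puts(buf);
    }
    return 0;
}
```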
Impact
A maliciously crafted GIF could be used to cause the TensorFlow process to crash.
Vulnerable Versions
TensorFlow 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1 1.4.1, 1.5.0, 1.5.1
Mitigation
We have patched the vulnerability in GitHub commit c4843158. If users are running TensorFlow in production or on untrusted data, they are encouraged to apply this patch.
Additionally, this patch has already been integrated into TensorFlow 1.6.0 and newer.
Credits
This issue was discovered by the Blade Team of Tencent.