blob: fad7fdd40f6dcc651ee72e0496f99377ebe24dbc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
## TFSA-2018-002: GIF File Parsing Null Pointer Dereference Error
### CVE Number
CVE-2018-7576
### Issue Description
When parsing certain invalid GIF files, an internal function in the GIF decoder
returned a null pointer, which was subsequently used as an argument to strcat.
### Impact
A maliciously crafted GIF could be used to cause the TensorFlow process to
crash.
### Vulnerable Versions
TensorFlow 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1 1.4.1, 1.5.0, 1.5.1
### Mitigation
We have patched the vulnerability in GitHub commit
[c4843158](https://github.com/tensorflow/tensorflow/commit/c48431588e7cf8aff61d4c299231e3e925144df8).
If users are running TensorFlow in production or on untrusted data, they are
encouraged to apply this patch.
Additionally, this patch has already been integrated into TensorFlow 1.6.0 and
newer.
### Credits
This issue was discovered by the Blade Team of Tencent.
|