FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-07-25 22:01:02 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
326b2f3e-6fc7-4661-955d-a772760db9cf	py-tflite -- buffer overflow vulnerability Thibaut Goetghebuer-Planchon reports: The reference kernel of the CONV_3D_TRANSPOSE TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels in a way similar to the attached example script. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter (i.e. `experimental_op_resolver_type=tf.lite.experimental.OpResolverType.BUILTIN_REF` is used). Discovery 2022-11-21 Entry 2023-04-09 py37-tflite py38-tflite py39-tflite py310-tflite py311-tflite < 2.8.4 >= 2.9.0 lt 2.9.3 >= 2.10.0 lt 2.10.1 CVE-2022-41894 https://osv.dev/vulnerability/GHSA-h6q3-vv32-2cq5

VuXML ID

Description

326b2f3e-6fc7-4661-955d-a772760db9cf

py-tflite -- buffer overflow vulnerability

Thibaut Goetghebuer-Planchon reports:

The reference kernel of the CONV_3D_TRANSPOSE TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result.

Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels.

An attacker can craft a model with a specific number of input channels in a way similar to the attached example script.

It is then possible to write specific values through the bias of the layer outside the bounds of the buffer.

This attack only works if the reference kernel resolver is used in the interpreter (i.e. `experimental_op_resolver_type=tf.lite.experimental.OpResolverType.BUILTIN_REF` is used).

Discovery 2022-11-21
Entry 2023-04-09
py37-tflite
py38-tflite
py39-tflite
py310-tflite
py311-tflite

< 2.8.4

>= 2.9.0 lt 2.9.3

>= 2.10.0 lt 2.10.1

CVE-2022-41894
https://osv.dev/vulnerability/GHSA-h6q3-vv32-2cq5