HIGH 7.5

GHSA-5w96-866f-6rm8

TensorFlow has Floating Point Exception in TFLite in conv kernel

Details

### Impact Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE.

### Patches We have patched the issue in GitHub commit [34f8368c535253f5c9cb3a303297743b62442aaa](https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa).

The fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1.

### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.

### Attribution This vulnerability was reported by Wang Xuan of Qihoo 360 AIVul Team.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / tensorflow

Introduced in: 0 Fixed in: 2.11.1

Fix pip install --upgrade 'tensorflow>=2.11.1'

PyPI / tensorflow-cpu

Introduced in: 0 Fixed in: 2.11.1

Fix pip install --upgrade 'tensorflow-cpu>=2.11.1'

PyPI / tensorflow-gpu

Introduced in: 0 Fixed in: 2.11.1

Fix pip install --upgrade 'tensorflow-gpu>=2.11.1'

Details

Are you affected?

Affected packages

References