VDB
KO
HIGH 7.5

PYSEC-2026-1953

TensorFlow has segmentation fault in tfg-translate

Details

### Impact Out-of-bounds access due to mismatched integer type sizes in ValueMap::Manager::GetValueOrCreatePlaceholder. Bug with tfg-translate call to InitMlir. The problem happens with generic functions, as it is already handled for non-generic functions. This is because they, unlike non-generic functions, are using the "old importer". A better long-term solution may be to have the "new importer" handle generic functions.

### Patches We have patched the issue in GitHub - commit [760322a71ac9033e122ef1f4b1c62813021e5938](https://github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938). - commit [2eedc8f676d2c3b8be9492e547b2bc814c10b367](https://github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367)

The fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1

### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.

### Attribution This vulnerability has been reported by r3pwnx

### Affiliation 360 AIVul

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / tensorflow-cpu
Introduced in: 0 Fixed in: 2.11.1
Fix pip install --upgrade 'tensorflow-cpu>=2.11.1'

References