VDB
KO
MEDIUM 4.8

PYSEC-2026-992

Heap overflow in `QuantizeAndDequantizeV2`

Details

### Impact The function [MakeGrapplerFunctionItem](https://https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221) takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. ```python import tensorflow as tf @tf.function def test(): tf.raw_ops.QuantizeAndDequantizeV2(input=[2.5], input_min=[1.0], input_max=[10.0], signed_input=True, num_bits=1, range_given=True, round_mode='HALF_TO_EVEN', narrow_range=True, axis=0x7fffffff) test() ```

### Patches We have patched the issue in GitHub commit [7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb](https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb).

The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1.

### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / tensorflow-gpu
Introduced in: 0 Fixed in: 2.8.4
Fix pip install --upgrade 'tensorflow-gpu>=2.8.4'

References