PT-2019-11147 · Google · Tensorflow

Published: 2019-04-23 · Updated: 2019-04-25 · CVE-2018-8825

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Google TensorFlow versions 1.7 and below
Description: The issue allows arbitrary code execution on the local system due to a buffer overflow. It can occur when a user passes a malformed or malicious TFLite graph into TOCO, causing TOCO to crash or to overflow a buffer, which could potentially allow malicious code to be executed.
Recommendations: For Google TensorFlow versions 1.7 and below, consider restricting the input accepted by TOCO to prevent the execution of malicious code until a fix is available. As a temporary workaround, avoid passing malformed or untrusted TFLite graphs to TOCO. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow


Weakness Enumeration

Related identifiers

CVE-2018-8825
GHSA-FRXX-2M33-6WCR
PYSEC-2019-208
PYSEC-2019-226
PYSEC-2019-233

Affected products

Tensorflow