
David G. Andersen

#39061 of 53,635
7.1 Total CVSS
Vulnerabilities · 1
PT-2020-8877
7.1
2020-05-04
Google · Tensorflow · CVE-2018-21233
**Name of the Vulnerable Software and Affected Versions**

TensorFlow versions prior to 1.7.0

**Description**

The issue is caused by an integer overflow that leads to an out-of-bounds read, potentially disclosing the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in `core/kernels/decode_bmp_op.cc`.

**Recommendations**

For versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue. As a temporary workaround, consider disabling the DecodeBmp feature of the BMP decoder until a patch is available. Restrict access to the BMP decoder module to minimize the risk of exploitation.