Pkanwar23

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.1 and earlier TensorFlow versions 2.5.2 and earlier TensorFlow versions 2.4.4 and earlier **Description** The shape inference functions for the `QuantizeAndDequantizeV*` operations can trigger a read outside of bounds of heap allocated array. This issue is caused by the code ignoring occurrences of negative `axis` values, other than -1, which is used for optional or unknown dimensions. The issue can be exploited by passing a negative `axis` value to the `QuantizeAndDequantizeV*` operations. **Recommendations** For versions prior to 2.7.0, update to TensorFlow 2.7.0 or later. For versions 2.6.1 and earlier, update to TensorFlow 2.6.1 or later. For versions 2.5.2 and earlier, update to TensorFlow 2.5.2 or later. For versions 2.4.4 and earlier, update to TensorFlow 2.4.4 or later. As a temporary workaround, consider avoiding the use of negative `axis` values in the `QuantizeAndDequantizeV*` operations until a patch is available.