CVE-2020-15266

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.4.0

Description The issue arises when the boxes argument of tf.image.crop and resize has a very large value, causing the CPU kernel implementation to receive it as a C++ nan floating point value. This leads to undefined behavior and eventually produces a segmentation fault.

Recommendations For versions prior to 2.4.0, update to TensorFlow 2.4.0 or use a TensorFlow nightly package released after the patch commit to resolve the issue. As a temporary workaround, consider avoiding the use of very large values for the boxes argument in tf.image.crop and resize until a patch is applied.