PT-2021-18282 · Google · Tensorflow

Yakun Zhang +1 · Published 2021-05-14 · Updated 2024-03-06 · CVE-2021-29531

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0; TensorFlow versions 2.4.2 and earlier; TensorFlow versions 2.3.3 and earlier; TensorFlow versions 2.2.3 and earlier; TensorFlow versions 2.1.4 and earlier
Description: An attacker can trigger a CHECK failure in PNG encoding by providing an empty input tensor as the pixel data. This is because the implementation only validates that the total number of pixels in the image does not overflow, allowing an attacker to send an empty matrix for encoding. When png::WriteImageToBuffer is called, the first argument is NULL, triggering a CHECK_NOTNULL and resulting in abort being called after the stack trace is printed. This allows an attacker to mount a denial of service attack.
Recommendations: Update to TensorFlow 2.5.0 or later. For versions 2.4.2, 2.3.3, 2.2.3, and 2.1.4, apply the cherry-picked commit to fix the issue. As a temporary workaround, consider validating input tensors to ensure they are not empty before encoding.
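
One way to apply the temporary workaround is a guard that rejects empty pixel data before it reaches the PNG encoder. This is an added example, not code from TensorFlow or from this advisory; the names check_png_input and safe_encode_png are hypothetical, and the rank, channel and dtype checks are stricter than the workaround requires.

```python
"""Reject empty or malformed pixel data before PNG encoding (added example)."""

ALLOWED_DTYPES = {"uint8", "uint16"}  # dtypes accepted by tf.io.encode_png
ALLOWED_CHANNELS = {1, 2, 3, 4}       # gray, gray+alpha, RGB, RGBA


def dtype_name(dtype):
    """Return a plain name for a tf.DType, numpy.dtype or str."""
    return getattr(dtype, "name", None) or str(dtype)


def check_png_input(image):
    """Raise ValueError unless `image` is safe to pass to the encoder.

    `image` is any object with .shape and .dtype (eager tf.Tensor, numpy array).
    Assumption: a single [height, width, channels] image, not a batch.
    """
    shape = tuple(image.shape)
    if any(dim is None for dim in shape):
        raise ValueError(f"shape {shape} is not fully defined")
    if len(shape) != 3:
        raise ValueError(f"expected [height, width, channels], got rank {len(shape)}")
    if any(int(dim) == 0 for dim in shape):
        # The case in the description: zero elements, so no pixel buffer exists.
        raise ValueError(f"empty image tensor with shape {shape}")
    if int(shape[2]) not in ALLOWED_CHANNELS:
        raise ValueError(f"channels must be 1 to 4, got {shape[2]}")
    if dtype_name(image.dtype) not in ALLOWED_DTYPES:
        raise ValueError(f"dtype must be uint8 or uint16, got {dtype_name(image.dtype)}")
    return shape


def safe_encode_png(image, compression=-1):
    """Validate first, then encode; TensorFlow is imported only at this point."""
    check_png_input(image)
    import tensorflow as tf
    return tf.io.encode_png(image, compression=compression)


if __name__ == "__main__":
    class Sample:  # constructed stand-in for a tensor, for an offline run
        def __init__(self, shape, dtype):
            self.shape, self.dtype = shape, dtype

    for shape in [(2, 3, 3), (0, 0, 3), (4, 4, 0)]:
        try:
            print(shape, "ok", check_png_input(Sample(shape, "uint8")))
        except ValueError as err:
            print(shape, "rejected:", err)
```

The guard converts the process-terminating abort into a ValueError the calling service can handle; it does not replace updating to a fixed release.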

Weakness Enumeration: Improper Check for Exceptional Conditions

Related Identifiers

BIT-TENSORFLOW-2021-29531
CVE-2021-29531
GHSA-3QXP-QJQ7-W4HF
PYSEC-2021-168
PYSEC-2021-459
PYSEC-2021-657

Affected Products

Tensorflow