CVE-2022-23558

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier

Description An attacker can craft a TFLite model that would cause an integer overflow in TfLiteIntArrayCreate. The TfLiteIntArrayGetSizeInBytes returns an int instead of a size t. An attacker can control model inputs such that computed size overflows the size of int datatype.

Recommendations For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later. For versions 2.7.1 and earlier, update to TensorFlow 2.7.1 or later. For versions 2.6.3 and earlier, update to TensorFlow 2.6.3 or later. For versions 2.5.3 and earlier, update to TensorFlow 2.5.3 or later. As a temporary workaround, consider restricting the use of TfLiteIntArrayCreate and TfLiteIntArrayGetSizeInBytes functions until a patch is available.