PT-2022-19465 · Google · Tensorflow

Mihaimaruseac · Published 2022-05-20 · Updated 2024-03-06 · CVE-2022-29212

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.9.0
TensorFlow versions prior to 2.8.1
TensorFlow versions prior to 2.7.2
TensorFlow versions prior to 2.6.4

Description

TensorFlow is an open source platform for machine learning. Certain TFLite models that were created using the TFLite model converter would crash when loaded in the TFLite interpreter. The issue arises because during quantization, the scale of values could be greater than 1, but the code always assumes sub-unit scaling. As a result, the code calls QuantizeMultiplierSmallerThanOneExp, triggering the TFLITE_CHECK_LT assertion and aborting the process.

Recommendations

For versions prior to 2.9.0, update to version 2.9.0 or later.
For versions prior to 2.8.1, update to version 2.8.1 or later.
For versions prior to 2.7.2, update to version 2.7.2 or later.
For versions prior to 2.6.4, update to version 2.6.4 or later.
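
The failure mode in the description, as an added illustration that is not TensorFlow source code: a simplified model of fixed-point multiplier quantization in which a sub-unit-only helper rejects a scale of 1 or more, while a general helper represents it with a positive shift. The names QuantizedMultiplier, QuantizeAnyScale and QuantizeSubUnitScale are hypothetical, and the sample scales are constructed.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>

// Simplified model for illustration only (hypothetical names, not TensorFlow code).
struct QuantizedMultiplier {
  bool ok;           // false when the input violates the helper's precondition
  int32_t mantissa;  // Q31 fixed-point significand
  int shift;         // power-of-two exponent; > 0 means the scale is >= 1
};

// General form: accepts any finite positive scale, including values >= 1.
QuantizedMultiplier QuantizeAnyScale(double scale) {
  if (!(scale > 0.0) || !std::isfinite(scale)) return {false, 0, 0};
  int shift = 0;
  // scale == q * 2^shift with q in [0.5, 1)
  const double q = std::frexp(scale, &shift);
  int64_t q_fixed = static_cast<int64_t>(std::llround(q * (1LL << 31)));
  if (q_fixed == (1LL << 31)) {  // rounding pushed the significand up to 1.0
    q_fixed /= 2;
    ++shift;
  }
  return {true, static_cast<int32_t>(q_fixed), shift};
}

// Sub-unit form: models the "scale is always < 1" assumption. The advisory
// describes the real check aborting the process; this model reports failure
// to the caller instead so the condition can be handled.
QuantizedMultiplier QuantizeSubUnitScale(double scale) {
  if (!(scale < 1.0)) return {false, 0, 0};
  return QuantizeAnyScale(scale);
}

int main() {
  const double scales[] = {0.25, 0.75, 1.5, 3.0};  // constructed sample scales
  for (double s : scales) {
    const QuantizedMultiplier sub = QuantizeSubUnitScale(s);
    const QuantizedMultiplier any = QuantizeAnyScale(s);
    std::printf("scale=%.2f sub-unit ok=%d general ok=%d mantissa=%d shift=%d\n",
                s, sub.ok, any.ok, any.mantissa, any.shift);
  }
  return 0;
}
```

Because the scale comes from the model file, a loader that treats the sub-unit precondition as a process-level assertion lets a single model take down the host process, which matches the availability-only impact in the CVSS vector.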

Related Identifiers

BIT-TENSORFLOW-2022-29212
CVE-2022-29212
GHSA-8WWM-6264-X792

Affected Products

Tensorflow