PT-2023-20228 · Google · Tensorflow

Published: 2023-03-24 · Updated: 2024-03-06 · CVE-2023-25667

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.12.0 and 2.11.1

Description: An integer overflow occurs when 2^31 <= num_frames * height * width * channels < 2^32, for example with a Full HD screencast of at least 346 frames. The issue is in the tf.io.decode_gif function.

Recommendations: For versions prior to 2.12.0, update to version 2.12.0. For versions prior to 2.11.1, update to version 2.11.1. As a temporary workaround, avoid calling tf.io.decode_gif on large inputs until the patch is applied.
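
One way to apply the workaround before an upgrade is to read the frame count and canvas size from the GIF structure and refuse files whose decoded element count reaches 2^31. This is an added example, not TensorFlow code; the function names are hypothetical, and it assumes 3 output channels and one frame per image descriptor, and rejects everything at or above 2^31 rather than only the advisory's range.

```python
import struct

INT32_LIMIT = 2**31  # the advisory's lower bound for the overflow
CHANNELS = 3         # assumption: RGB output, matching the Full HD / 346-frame figure

def _skip_sub_blocks(data, pos):
    """Walk a chain of GIF data sub-blocks; return the offset after the terminator."""
    while data[pos] != 0:
        pos += 1 + data[pos]
    return pos + 1

def gif_shape(data):
    """Return (frames, height, width) from the GIF structure, without decoding pixels."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    width, height, packed = struct.unpack_from("<HHB", data, 6)
    pos = 13
    if packed & 0x80:                          # global colour table present
        pos += 3 * (2 << (packed & 0x07))
    frames = 0
    while data[pos] != 0x3B:                   # 0x3B is the trailer
        if data[pos] == 0x21:                  # extension: label byte, then sub-blocks
            pos = _skip_sub_blocks(data, pos + 2)
        elif data[pos] == 0x2C:                # image descriptor: one frame
            frames += 1
            local = data[pos + 9]
            pos += 10
            if local & 0x80:                   # local colour table present
                pos += 3 * (2 << (local & 0x07))
            pos = _skip_sub_blocks(data, pos + 1)  # +1 skips the LZW code-size byte
        else:
            raise ValueError("unexpected block type")
    return frames, height, width

def safe_to_decode(data):
    """True only if the file parses and the decoded element count stays below 2^31."""
    try:
        frames, height, width = gif_shape(data)
    except (ValueError, IndexError, struct.error):
        return False                           # malformed or truncated: reject
    return frames * height * width * CHANNELS < INT32_LIMIT

def constructed_gif(frames, width=1920, height=1080):
    """Constructed sample: header plus `frames` image descriptors with dummy data."""
    frame = b"\x2c" + struct.pack("<HHHHB", 0, 0, width, height, 0) + b"\x02\x01\x00\x00"
    return b"GIF89a" + struct.pack("<HHBBB", width, height, 0, 0, 0) + frame * frames + b"\x3b"
```

Call safe_to_decode on the raw file bytes and pass them to the decoder only when it returns True.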

Exploit

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

AZL-31198
AZL-35312
BIT-TENSORFLOW-2023-25667
CVE-2023-25667
GHSA-FQM2-GH8W-GR68

Affected Products

Tensorflow