CVE-2022-41888: Add rank checks to GenerateBoundingBoxProposals. · tensorflow/tensorflow@cf35502

TensorFlow is an open source platform for machine learning. When running on GPU, tf.image.generate_bounding_box_proposals receives a scores input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

@@ -16,8 +16,11 @@
import numpy as np
from tensorflow.python.framework import constant_op from tensorflow.python.framework import dtypes from tensorflow.python.framework import errors from tensorflow.python.framework import ops from tensorflow.python.framework import test_util from tensorflow.python.ops import array_ops from tensorflow.python.ops import image_ops from tensorflow.python.ops import image_ops_impl @@ -131,6 +134,22 @@ def testDrawBoundingBoxHalf(self): self._testDrawBoundingBoxColorCycling( image, dtype=dtypes.half, colors=colors)
# generate_bound_box_proposals is only available on GPU. @test_util.run_gpu_only() def testGenerateBoundingBoxProposals(self): # Op only exists on GPU. with self.cached_session(use_gpu=True): with self.assertRaisesRegex((ValueError, errors.InvalidArgumentError), “must be rank 4”): scores = constant_op.constant( value=[[[[1.0, 1.0], [1.0, 1.0], [1.0, 1.0], [1.0, 1.0]]]]) self.evaluate( image_ops.generate_bounding_box_proposals( scores=scores, bbox_deltas=[], image_info=[], anchors=[], pre_nms_topn=1))
if __name__ == "__main__": test.main()
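
Review bot: In testGenerateBoundingBoxProposals the `scores` constant is nested four levels deep (`value=[[[[1.0, 1.0], ...]]]]`), so it is already rank 4 and the expected "must be rank 4" error has to come from one of the inputs passed as an empty list (`bbox_deltas=[]`, `image_info=[]`, `anchors=[]`), not from `scores`. The test therefore does not cover the unchecked `scores` rank that the commit description names. Suggest adding a second case that passes a `scores` tensor of lower rank together with otherwise well-formed inputs, and tightening the regex so it names the rejected argument if the error message includes it. Minor: the comment above the decorator spells the op `generate_bound_box_proposals`, and it duplicates the "Op only exists on GPU" comment inside the test.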

Related news

GHSA-6x99-gv2v-q76v: FPE in `tf.image.generate_bounding_box_proposals`

### Impact

When running on GPU, [`tf.image.generate_bounding_box_proposals`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc) receives a `scores` input that must be of rank 4 but is not checked.

```python
import tensorflow as tf
a = tf.constant(value=[[1.0, 1.0], [1.0, 1.0], [1.0, 1.0], [1.0, 1.0]])
b = tf.constant(value=[1])
tf.image.generate_bounding_box_proposals(scores=a,bbox_deltas=a,image_info=a,anchors=a,pre_nms_topn=b)
```

### Patches

We have patched the issue in GitHub commit [cf35502463a88ca7185a99daa7031df60b3c1c98](https://github.com/tensorflow/tensorflow/commit/cf35502463a88ca7185a99daa7031df60b3c1c98). The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

### For more information

Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/...
