TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| tensorflow(PyPI) | 0 | 1.7.0 | N/A |
| tensorflow-gpu(PyPI) | 0 | 1.7.0 | N/A |
CVSS Metrics
