Base Score

MEDIUM6.5

CVE-2019-9635

NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file.

VectorNETWORK

Published Bycve@mitre.org

Published DateApr 24, 2019, 17:29

Affected Versions(2)

tensorflow(PyPI)

Introduced1.0.0

Fixed1.12.1

LimitN/A

tensorflow-gpu(PyPI)

Introduced1.0.0

Fixed1.12.1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
tensorflow(PyPI)	1.0.0	1.12.1	N/A
tensorflow-gpu(PyPI)	1.0.0	1.12.1	N/A

Weakness Type (CWE):CWE-476

CVSS Metrics

Base Score

6.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2019-001.md

Base Score

MEDIUM6.5

Weakness Type (CWE):CWE-476

CVSS Metrics

Base Score

6.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH