## TFSA-2018-003: TensorFlow Lite TOCO FlatBuffer Parsing Vulnerability

### CVE Number

CVE-2018-8825

### Issue Description

The TensorFlow Lite TOCO compiler does not perform correct boundary checks when
reading from some fields within TFLite files.

As background, TFLite files are based on the FlatBuffers serialization format,
which does not have bounds checking built in; instead, it relies on clients to
perform the appropriate security checks themselves.

In particular, TOCO is not performing correct bounds checks in the following places:
* Out of bounds read in TOCO in import.cc:42
* Null dereference in TOCO in import.cc:135
* Out of bounds read in TOCO in import.cc:104
* Null dereference in TOCO in import.cc:121
* Out of bounds read in TOCO in import.cc:62
* Out of bounds read in TOCO in operator.cc:48
* Out of bounds read in TOCO graph_transformations (propagate_fixed_sizes.cc:93)

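To illustrate what client-side checking means for an offset-based format like FlatBuffers, here is an added example (not TOCO's code and not taken from the patches) that reads an int32 vector through a stored offset and validates the offset and the element count against the buffer size before use. The function names and sample buffers are hypothetical, and the layout is simplified to a single vector field.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Read a little-endian uint32 at `pos`; fail if it would run past `size`.
static bool ReadU32(const uint8_t* buf, size_t size, size_t pos, uint32_t* out) {
  if (pos > size || size - pos < 4) return false;
  *out = uint32_t(buf[pos]) | uint32_t(buf[pos + 1]) << 8 |
         uint32_t(buf[pos + 2]) << 16 | uint32_t(buf[pos + 3]) << 24;
  return true;
}

// FlatBuffers-style vector field: the uint32 offset stored at `field_pos` is
// relative to `field_pos` and points at a uint32 element count followed by
// the elements. Every step is validated against `size` before it is used.
bool ReadInt32VectorChecked(const uint8_t* buf, size_t size, size_t field_pos,
                            std::vector<int32_t>* out) {
  uint32_t rel = 0, count = 0;
  if (!ReadU32(buf, size, field_pos, &rel)) return false;
  if (rel > size - field_pos) return false;         // offset leaves the buffer
  const size_t vec_pos = field_pos + rel;
  if (!ReadU32(buf, size, vec_pos, &count)) return false;
  const size_t data_pos = vec_pos + 4;
  if (count > (size - data_pos) / 4) return false;  // count exceeds remaining bytes
  out->clear();
  for (uint32_t i = 0; i < count; ++i) {
    uint32_t raw = 0;
    ReadU32(buf, size, data_pos + size_t(i) * 4, &raw);  // in range by the check above
    out->push_back(static_cast<int32_t>(raw));
  }
  return true;
}

// Constructed sample buffers (not real TFLite files).
const uint8_t kValid[] = {4, 0, 0, 0, 2, 0, 0, 0, 7, 0, 0, 0, 9, 0, 0, 0};
const uint8_t kBadOffset[] = {0x40, 0, 0, 0, 2, 0, 0, 0, 7, 0, 0, 0, 9, 0, 0, 0};
const uint8_t kBadCount[] = {4, 0, 0, 0, 0xFF, 0xFF, 0xFF, 0xFF, 7, 0, 0, 0, 9, 0, 0, 0};

int main() {
  std::vector<int32_t> v;
  bool ok = ReadInt32VectorChecked(kValid, sizeof(kValid), 0, &v) && v.size() == 2;
  ok = ok && !ReadInt32VectorChecked(kBadOffset, sizeof(kBadOffset), 0, &v);
  ok = ok && !ReadInt32VectorChecked(kBadCount, sizeof(kBadCount), 0, &v);
  return ok ? 0 : 1;
}
```
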
### Impact

Users passing a malformed or malicious version of a TFLite graph into TOCO will
cause TOCO to crash or cause a buffer overflow, potentially allowing malicious
code to be executed.

### Vulnerable Versions

TensorFlow 1.5.0, 1.5.1, 1.6.0, 1.7.0

### Mitigation

We have patched the vulnerability in GitHub commits [41335abb](https://github.com/tensorflow/tensorflow/commit/41335abb46f80ca644b5738550daef6136ba5476) and
[8badd11d](https://github.com/tensorflow/tensorflow/commit/8badd11d875a826bd318ed439909d5c47a7fb811).
If users are running the TensorFlow TFLite TOCO compiler in production or on
untrusted data, they are encouraged to apply this patch.

Additionally, we have released TensorFlow version 1.7.1 to mitigate this
vulnerability.

### Credits

This issue was discovered by the Blade Team of Tencent.