Lines Matching full:fixes
27 # Bug Fixes and Other Changes
109 ## Bug Fixes and Other Changes
318 ## Bug Fixes and Other Changes
336 * Fixes a code injection in `saved_model_cli` ([CVE-2022-29216](https://cve.mitre.org/cgi-bin/cve…
337 * Fixes a missing validation which causes `TensorSummaryV2` to crash ([CVE-2022-29193](https://cv…
338 * Fixes a missing validation which crashes `QuantizeAndDequantizeV4Grad` ([CVE-2022-29192](https:…
339 * Fixes a missing validation which causes denial of service via `DeleteSessionTensor` ([CVE-2022-…
340 * Fixes a missing validation which causes denial of service via `GetSessionTensor` ([CVE-2022-291…
341 * Fixes a missing validation which causes denial of service via `StagePeek` ([CVE-2022-29195](htt…
342 * Fixes a missing validation which causes denial of service via `UnsortedSegmentJoin` ([CVE-2022-…
343 * Fixes a missing validation which causes denial of service via `LoadAndRemapMatrix` ([CVE-2022-2…
344 * Fixes a missing validation which causes denial of service via `SparseTensorToCSRSparseMatrix` (…
345 * Fixes a missing validation which causes denial of service via `LSTMBlockCell` ([CVE-2022-29200]…
346 * Fixes a missing validation which causes denial of service via `Conv3DBackpropFilterV2` ([CVE-20…
347 * Fixes a `CHECK` failure in depthwise ops via overflows ([CVE-2021-41197](https://cve.mitre.org/…
348 * Fixes issues arising from undefined behavior stemming from users supplying invalid resource han…
349 * Fixes a segfault due to missing support for quantized types ([CVE-2022-29205](https://cve.mitre…
350 * Fixes a missing validation which results in undefined behavior in `SparseTensorDenseAdd` ([CVE-…
351 * Fixes a missing validation which results in undefined behavior in `QuantizedConv2D` ([CVE-2022-…
352 * Fixes an integer overflow in `SpaceToBatchND` ([CVE-2022-29203](https://cve.mitre.org/cgi-bin/c…
353 * Fixes a segfault and OOB write due to incomplete validation in `EditDistance` ([CVE-2022-29208]…
354 * Fixes a missing validation which causes denial of service via `Conv3DBackpropFilterV2` ([CVE-20…
355 * Fixes a denial of service in `tf.ragged.constant` due to lack of validation ([CVE-2022-29202](h…
356 * Fixes a segfault when `tf.histogram_fixed_width` is called with NaN values ([CVE-2022-29211](ht…
357 * Fixes a core dump when loading TFLite models with quantization ([CVE-2022-29212](https://cve.mi…
358 * Fixes crashes stemming from incomplete validation in signal ops ([CVE-2022-29213](https://cve.m…
359 * Fixes a type confusion leading to `CHECK`-failure based denial of service ([CVE-2022-29209](htt…
360 * Fixes a heap buffer overflow due to incorrect hash function ([CVE-2022-29210](https://cve.mitre…
372 This releases introduces several vulnerability fixes:
374 * Fixes a code injection in `saved_model_cli` ([CVE-2022-29216](https://cve.mitre.org/cgi-bin/cve…
375 * Fixes a missing validation which causes `TensorSummaryV2` to crash ([CVE-2022-29193](https://cv…
376 * Fixes a missing validation which crashes `QuantizeAndDequantizeV4Grad` ([CVE-2022-29192](https:…
377 * Fixes a missing validation which causes denial of service via `DeleteSessionTensor` ([CVE-2022-…
378 * Fixes a missing validation which causes denial of service via `GetSessionTensor` ([CVE-2022-291…
379 * Fixes a missing validation which causes denial of service via `StagePeek` ([CVE-2022-29195](htt…
380 * Fixes a missing validation which causes denial of service via `UnsortedSegmentJoin` ([CVE-2022-…
381 * Fixes a missing validation which causes denial of service via `LoadAndRemapMatrix` ([CVE-2022-2…
382 * Fixes a missing validation which causes denial of service via `SparseTensorToCSRSparseMatrix` (…
383 * Fixes a missing validation which causes denial of service via `LSTMBlockCell` ([CVE-2022-29200]…
384 * Fixes a missing validation which causes denial of service via `Conv3DBackpropFilterV2` ([CVE-20…
385 * Fixes a `CHECK` failure in depthwise ops via overflows ([CVE-2021-41197](https://cve.mitre.org/…
386 * Fixes issues arising from undefined behavior stemming from users supplying invalid resource han…
387 * Fixes a segfault due to missing support for quantized types ([CVE-2022-29205](https://cve.mitre…
388 * Fixes a missing validation which results in undefined behavior in `SparseTensorDenseAdd` ([CVE-…
389 * Fixes a missing validation which results in undefined behavior in `QuantizedConv2D` ([CVE-2022-…
390 * Fixes an integer overflow in `SpaceToBatchND` ([CVE-2022-29203](https://cve.mitre.org/cgi-bin/c…
391 * Fixes a segfault and OOB write due to incomplete validation in `EditDistance` ([CVE-2022-29208]…
392 * Fixes a missing validation which causes denial of service via `Conv3DBackpropFilterV2` ([CVE-20…
393 * Fixes a denial of service in `tf.ragged.constant` due to lack of validation ([CVE-2022-29202](h…
394 * Fixes a segfault when `tf.histogram_fixed_width` is called with NaN values ([CVE-2022-29211](ht…
395 * Fixes a core dump when loading TFLite models with quantization ([CVE-2022-29212](https://cve.mi…
396 * Fixes crashes stemming from incomplete validation in signal ops ([CVE-2022-29213](https://cve.m…
397 * Fixes a type confusion leading to `CHECK`-failure based denial of service ([CVE-2022-29209](htt…
398 * Fixes a heap buffer overflow due to incorrect hash function ([CVE-2022-29210](https://cve.mitre…
403 This releases introduces several vulnerability fixes:
405 * Fixes a code injection in `saved_model_cli` ([CVE-2022-29216](https://cve.mitre.org/cgi-bin/cve…
406 * Fixes a missing validation which causes `TensorSummaryV2` to crash ([CVE-2022-29193](https://cv…
407 * Fixes a missing validation which crashes `QuantizeAndDequantizeV4Grad` ([CVE-2022-29192](https:…
408 * Fixes a missing validation which causes denial of service via `DeleteSessionTensor` ([CVE-2022-…
409 * Fixes a missing validation which causes denial of service via `GetSessionTensor` ([CVE-2022-291…
410 * Fixes a missing validation which causes denial of service via `StagePeek` ([CVE-2022-29195](htt…
411 * Fixes a missing validation which causes denial of service via `UnsortedSegmentJoin` ([CVE-2022-…
412 * Fixes a missing validation which causes denial of service via `LoadAndRemapMatrix` ([CVE-2022-2…
413 * Fixes a missing validation which causes denial of service via `SparseTensorToCSRSparseMatrix` (…
414 * Fixes a missing validation which causes denial of service via `LSTMBlockCell` ([CVE-2022-29200]…
415 * Fixes a missing validation which causes denial of service via `Conv3DBackpropFilterV2` ([CVE-20…
416 * Fixes a `CHECK` failure in depthwise ops via overflows ([CVE-2021-41197](https://cve.mitre.org/…
417 * Fixes issues arising from undefined behavior stemming from users supplying invalid resource han…
418 * Fixes a segfault due to missing support for quantized types ([CVE-2022-29205](https://cve.mitre…
419 * Fixes a missing validation which results in undefined behavior in `SparseTensorDenseAdd` ([CVE-…
420 * Fixes a missing validation which results in undefined behavior in `QuantizedConv2D` ([CVE-2022-…
421 * Fixes an integer overflow in `SpaceToBatchND` ([CVE-2022-29203](https://cve.mitre.org/cgi-bin/c…
422 * Fixes a segfault and OOB write due to incomplete validation in `EditDistance` ([CVE-2022-29208]…
423 * Fixes a missing validation which causes denial of service via `Conv3DBackpropFilterV2` ([CVE-20…
424 * Fixes a denial of service in `tf.ragged.constant` due to lack of validation ([CVE-2022-29202](h…
425 * Fixes a segfault when `tf.histogram_fixed_width` is called with NaN values ([CVE-2022-29211](ht…
426 * Fixes a core dump when loading TFLite models with quantization ([CVE-2022-29212](https://cve.mi…
427 * Fixes crashes stemming from incomplete validation in signal ops ([CVE-2022-29213](https://cve.m…
428 * Fixes a type confusion leading to `CHECK`-failure based denial of service ([CVE-2022-29209](htt…
434 This releases introduces several vulnerability fixes:
436 * Fixes a code injection in `saved_model_cli` ([CVE-2022-29216](https://cve.mitre.org/cgi-bin/cve…
437 * Fixes a missing validation which causes `TensorSummaryV2` to crash ([CVE-2022-29193](https://cv…
438 * Fixes a missing validation which crashes `QuantizeAndDequantizeV4Grad` ([CVE-2022-29192](https:…
439 * Fixes a missing validation which causes denial of service via `DeleteSessionTensor` ([CVE-2022-…
440 * Fixes a missing validation which causes denial of service via `GetSessionTensor` ([CVE-2022-291…
441 * Fixes a missing validation which causes denial of service via `StagePeek` ([CVE-2022-29195](htt…
442 * Fixes a missing validation which causes denial of service via `UnsortedSegmentJoin` ([CVE-2022-…
443 * Fixes a missing validation which causes denial of service via `LoadAndRemapMatrix` ([CVE-2022-2…
444 * Fixes a missing validation which causes denial of service via `SparseTensorToCSRSparseMatrix` (…
445 * Fixes a missing validation which causes denial of service via `LSTMBlockCell` ([CVE-2022-29200]…
446 * Fixes a missing validation which causes denial of service via `Conv3DBackpropFilterV2` ([CVE-20…
447 * Fixes a `CHECK` failure in depthwise ops via overflows ([CVE-2021-41197](https://cve.mitre.org/…
448 * Fixes issues arising from undefined behavior stemming from users supplying invalid resource han…
449 * Fixes a segfault due to missing support for quantized types ([CVE-2022-29205](https://cve.mitre…
450 * Fixes a missing validation which results in undefined behavior in `SparseTensorDenseAdd` ([CVE-…
451 * Fixes a missing validation which results in undefined behavior in `QuantizedConv2D` ([CVE-2022-…
452 * Fixes an integer overflow in `SpaceToBatchND` ([CVE-2022-29203](https://cve.mitre.org/cgi-bin/c…
453 * Fixes a segfault and OOB write due to incomplete validation in `EditDistance` ([CVE-2022-29208]…
454 * Fixes a missing validation which causes denial of service via `Conv3DBackpropFilterV2` ([CVE-20…
455 * Fixes a denial of service in `tf.ragged.constant` due to lack of validation ([CVE-2022-29202](h…
456 * Fixes a segfault when `tf.histogram_fixed_width` is called with NaN values ([CVE-2022-29211](ht…
457 * Fixes a core dump when loading TFLite models with quantization ([CVE-2022-29212](https://cve.mi…
458 * Fixes crashes stemming from incomplete validation in signal ops ([CVE-2022-29213](https://cve.m…
459 * Fixes a type confusion leading to `CHECK`-failure based denial of service ([CVE-2022-29209](htt…
509 deprecated. The "Bug Fixes and Other Changes" section lists more
517 ## Bug Fixes and Other Changes
663 * Fixes a floating point division by 0 when executing convolution operators
665 * Fixes a heap OOB read in shape inference for `ReverseSequence`
667 * Fixes a heap OOB access in `Dequantize`
669 * Fixes an integer overflow in shape inference for `Dequantize`
671 * Fixes a heap OOB access in `FractionalAvgPoolGrad`
673 * Fixes an overflow and divide by zero in `UnravelIndex`
675 * Fixes a type confusion in shape inference for `ConcatV2`
677 * Fixes an OOM in `ThreadPoolHandle`
679 * Fixes an OOM due to integer overflow in `StringNGrams`
681 * Fixes more issues caused by incomplete validation in boosted trees code
683 * Fixes an integer overflows in most sparse component-wise ops
685 * Fixes an integer overflows in `AddManySparseToTensorsMap`
687 * Fixes a number of `CHECK`-failures in `MapStage`
689 * Fixes a division by zero in `FractionalMaxPool`
691 * Fixes a number of `CHECK`-fails when building invalid/overflowing tensor
694 * Fixes an undefined behavior in `SparseTensorSliceDataset`
696 * Fixes an assertion failure based denial of service via faulty bin count
699 * Fixes a reference binding to null pointer in `QuantizedMaxPool`
701 * Fixes an integer overflow leading to crash in `SparseCountSparseOutput`
703 * Fixes a heap overflow in `SparseCountSparseOutput`
705 * Fixes an FPE in `BiasAndClamp` in TFLite
707 * Fixes an FPE in depthwise convolutions in TFLite
709 * Fixes an integer overflow in TFLite array creation
711 * Fixes an integer overflow in TFLite
713 * Fixes a dangerous OOB write in TFLite
715 * Fixes a vulnerability leading to read and write outside of bounds in TFLite
717 * Fixes a set of vulnerabilities caused by using insecure temporary files
719 * Fixes an integer overflow in Range resulting in undefined behavior and OOM
721 * Fixes a vulnerability where missing validation causes `tf.sparse.split` to
724 * Fixes a `CHECK`-fail when decoding resource handles from proto
726 * Fixes a `CHECK`-fail with repeated `AttrDef`
728 * Fixes a heap OOB write in Grappler
730 * Fixes a `CHECK`-fail when decoding invalid tensors from proto
732 * Fixes a null-dereference when specializing tensor type
734 * Fixes a crash when type cannot be specialized
736 * Fixes a heap OOB read/write in `SpecializeType`
738 * Fixes an unitialized variable access in `AssignOp`
740 * Fixes an integer overflow in `OpLevelCostEstimator::CalculateTensorSize`
742 * Fixes an integer overflow in `OpLevelCostEstimator::CalculateOutputSize`
744 * Fixes a null dereference in `GetInitOp`
746 * Fixes a memory leak when a graph node is invalid
748 * Fixes an abort caused by allocating a vector that is too large
750 * Fixes multiple `CHECK`-failures during Grappler's `IsSimplifiableReshape`
752 * Fixes multiple `CHECK`-failures during Grappler's `SafeToRemoveIdentity`
754 * Fixes multiple `CHECK`-failures in `TensorByteSize`
756 * Fixes multiple `CHECK`-failures in binary ops due to type confusion
758 * Fixes a use after free in `DecodePng` kernel
760 * Fixes a memory leak in decoding PNG images
762 * Fixes multiple `CHECK`-fails in `function.cc`
764 * Fixes multiple `CHECK`-fails due to attempting to build a reference tensor
766 * Fixes an integer overflow in Grappler cost estimation of crop and resize
769 * Fixes a null pointer dereference in Grappler's `IsConstant`
771 * Fixes a `CHECK` failure in constant folding
773 * Fixes a stack overflow due to self-recursive function in `GraphDef`
775 * Fixes a heap OOB access in `RunForwardTypeInference`
777 * Fixes a crash due to erroneous `StatusOr`
779 * Fixes multiple crashes and heap OOB accesses in TFG dialect (MLIR)
781 * Fixes a segfault in `simplifyBroadcast` (MLIR)
783 * Fixes a null pointer dereference in `BuildXlaCompilationCache` (XLA)
814 This releases introduces several vulnerability fixes:
816 * Fixes a floating point division by 0 when executing convolution operators
818 * Fixes a heap OOB read in shape inference for `ReverseSequence`
820 * Fixes a heap OOB access in `Dequantize`
822 * Fixes an integer overflow in shape inference for `Dequantize`
824 * Fixes a heap OOB access in `FractionalAvgPoolGrad`
826 * Fixes an overflow and divide by zero in `UnravelIndex`
828 * Fixes a type confusion in shape inference for `ConcatV2`
830 * Fixes an OOM in `ThreadPoolHandle`
832 * Fixes an OOM due to integer overflow in `StringNGrams`
834 * Fixes more issues caused by incomplete validation in boosted trees code
836 * Fixes an integer overflows in most sparse component-wise ops
838 * Fixes an integer overflows in `AddManySparseToTensorsMap`
840 * Fixes a number of `CHECK`-failures in `MapStage`
842 * Fixes a division by zero in `FractionalMaxPool`
844 * Fixes a number of `CHECK`-fails when building invalid/overflowing tensor
847 * Fixes an undefined behavior in `SparseTensorSliceDataset`
849 * Fixes an assertion failure based denial of service via faulty bin count
852 * Fixes a reference binding to null pointer in `QuantizedMaxPool`
854 * Fixes an integer overflow leading to crash in `SparseCountSparseOutput`
856 * Fixes a heap overflow in `SparseCountSparseOutput`
858 * Fixes an FPE in `BiasAndClamp` in TFLite
860 * Fixes an FPE in depthwise convolutions in TFLite
862 * Fixes an integer overflow in TFLite array creation
864 * Fixes an integer overflow in TFLite
866 * Fixes a dangerous OOB write in TFLite
868 * Fixes a vulnerability leading to read and write outside of bounds in TFLite
870 * Fixes a set of vulnerabilities caused by using insecure temporary files
872 * Fixes an integer overflow in Range resulting in undefined behavior and OOM
874 * Fixes a vulnerability where missing validation causes `tf.sparse.split` to
877 * Fixes a `CHECK`-fail when decoding resource handles from proto
879 * Fixes a `CHECK`-fail with repeated `AttrDef`
881 * Fixes a heap OOB write in Grappler
883 * Fixes a `CHECK`-fail when decoding invalid tensors from proto
885 * Fixes a null-dereference when specializing tensor type
887 * Fixes a crash when type cannot be specialized
889 * Fixes a heap OOB read/write in `SpecializeType`
891 * Fixes an uninitialized variable access in `AssignOp`
893 * Fixes an integer overflow in `OpLevelCostEstimator::CalculateTensorSize`
895 * Fixes an integer overflow in `OpLevelCostEstimator::CalculateOutputSize`
897 * Fixes a null dereference in `GetInitOp`
899 * Fixes a memory leak when a graph node is invalid
901 * Fixes an abort caused by allocating a vector that is too large
903 * Fixes multiple `CHECK`-failures during Grappler's `IsSimplifiableReshape`
905 * Fixes multiple `CHECK`-failures during Grappler's `SafeToRemoveIdentity`
907 * Fixes multiple `CHECK`-failures in `TensorByteSize`
909 * Fixes multiple `CHECK`-failures in binary ops due to type confusion
911 * Fixes a use after free in `DecodePng` kernel
913 * Fixes a memory leak in decoding PNG images
915 * Fixes multiple `CHECK`-fails in `function.cc`
917 * Fixes multiple `CHECK`-fails due to attempting to build a reference tensor
919 * Fixes an integer overflow in Grappler cost estimation of crop and resize
922 * Fixes a null pointer dereference in Grappler's `IsConstant`
924 * Fixes a `CHECK` failure in constant folding
926 * Fixes a stack overflow due to self-recursive function in `GraphDef`
928 * Fixes a crash due to erroneous `StatusOr`
930 * Fixes multiple crashes and heap OOB accesses in TFG dialect (MLIR)
932 * Fixes a null pointer dereference in `BuildXlaCompilationCache` (XLA)
939 This releases introduces several vulnerability fixes:
941 * Fixes a floating point division by 0 when executing convolution operators
943 * Fixes a heap OOB read in shape inference for `ReverseSequence`
945 * Fixes a heap OOB access in `Dequantize`
947 * Fixes an integer overflow in shape inference for `Dequantize`
949 * Fixes a heap OOB access in `FractionalAvgPoolGrad`
951 * Fixes an overflow and divide by zero in `UnravelIndex`
953 * Fixes a type confusion in shape inference for `ConcatV2`
955 * Fixes an OOM in `ThreadPoolHandle`
957 * Fixes an OOM due to integer overflow in `StringNGrams`
959 * Fixes more issues caused by incomplete validation in boosted trees code
961 * Fixes an integer overflows in most sparse component-wise ops
963 * Fixes an integer overflows in `AddManySparseToTensorsMap`
965 * Fixes a number of `CHECK`-failures in `MapStage`
967 * Fixes a division by zero in `FractionalMaxPool`
969 * Fixes a number of `CHECK`-fails when building invalid/overflowing tensor
972 * Fixes an undefined behavior in `SparseTensorSliceDataset`
974 * Fixes an assertion failure based denial of service via faulty bin count
977 * Fixes a reference binding to null pointer in `QuantizedMaxPool`
979 * Fixes an integer overflow leading to crash in `SparseCountSparseOutput`
981 * Fixes a heap overflow in `SparseCountSparseOutput`
983 * Fixes an FPE in `BiasAndClamp` in TFLite
985 * Fixes an FPE in depthwise convolutions in TFLite
987 * Fixes an integer overflow in TFLite array creation
989 * Fixes an integer overflow in TFLite
991 * Fixes a dangerous OOB write in TFLite
993 * Fixes a vulnerability leading to read and write outside of bounds in TFLite
995 * Fixes a set of vulnerabilities caused by using insecure temporary files
997 * Fixes an integer overflow in Range resulting in undefined behavior and OOM
999 * Fixes a vulnerability where missing validation causes `tf.sparse.split` to
1002 * Fixes a `CHECK`-fail when decoding resource handles from proto
1004 * Fixes a `CHECK`-fail with repeated `AttrDef`
1006 * Fixes a heap OOB write in Grappler
1008 * Fixes a `CHECK`-fail when decoding invalid tensors from proto
1010 * Fixes a null-dereference when specializing tensor type
1012 * Fixes a crash when type cannot be specialized
1014 * Fixes a heap OOB read/write in `SpecializeType`
1016 * Fixes an unitialized variable access in `AssignOp`
1018 * Fixes an integer overflow in `OpLevelCostEstimator::CalculateTensorSize`
1020 * Fixes an integer overflow in `OpLevelCostEstimator::CalculateOutputSize`
1022 * Fixes a null dereference in `GetInitOp`
1024 * Fixes a memory leak when a graph node is invalid
1026 * Fixes an abort caused by allocating a vector that is too large
1028 * Fixes multiple `CHECK`-failures during Grappler's `IsSimplifiableReshape`
1030 * Fixes multiple `CHECK`-failures during Grappler's `SafeToRemoveIdentity`
1032 * Fixes multiple `CHECK`-failures in `TensorByteSize`
1034 * Fixes multiple `CHECK`-failures in binary ops due to type confusion
1036 * Fixes a use after free in `DecodePng` kernel
1038 * Fixes a memory leak in decoding PNG images
1040 * Fixes multiple `CHECK`-fails in `function.cc`
1042 * Fixes multiple `CHECK`-fails due to attempting to build a reference tensor
1044 * Fixes an integer overflow in Grappler cost estimation of crop and resize
1047 * Fixes a null pointer dereference in Grappler's `IsConstant`
1049 * Fixes a `CHECK` failure in constant folding
1051 * Fixes a stack overflow due to self-recursive function in `GraphDef`
1053 * Fixes a null pointer dereference in `BuildXlaCompilationCache` (XLA)
1060 This releases introduces several vulnerability fixes:
1062 * Fixes a floating point division by 0 when executing convolution operators
1064 * Fixes a heap OOB read in shape inference for `ReverseSequence`
1066 * Fixes a heap OOB access in `Dequantize`
1068 * Fixes an integer overflow in shape inference for `Dequantize`
1070 * Fixes a heap OOB access in `FractionalAvgPoolGrad`
1072 * Fixes an overflow and divide by zero in `UnravelIndex`
1074 * Fixes a type confusion in shape inference for `ConcatV2`
1076 * Fixes an OOM in `ThreadPoolHandle`
1078 * Fixes an OOM due to integer overflow in `StringNGrams`
1080 * Fixes more issues caused by incomplete validation in boosted trees code
1082 * Fixes an integer overflows in most sparse component-wise ops
1084 * Fixes an integer overflows in `AddManySparseToTensorsMap`
1086 * Fixes a number of `CHECK`-failures in `MapStage`
1088 * Fixes a division by zero in `FractionalMaxPool`
1090 * Fixes a number of `CHECK`-fails when building invalid/overflowing tensor
1093 * Fixes an undefined behavior in `SparseTensorSliceDataset`
1095 * Fixes an assertion failure based denial of service via faulty bin count
1098 * Fixes a reference binding to null pointer in `QuantizedMaxPool`
1100 * Fixes an integer overflow leading to crash in `SparseCountSparseOutput`
1102 * Fixes a heap overflow in `SparseCountSparseOutput`
1104 * Fixes an FPE in `BiasAndClamp` in TFLite
1106 * Fixes an FPE in depthwise convolutions in TFLite
1108 * Fixes an integer overflow in TFLite array creation
1110 * Fixes an integer overflow in TFLite
1112 * Fixes a dangerous OOB write in TFLite
1114 * Fixes a vulnerability leading to read and write outside of bounds in TFLite
1116 * Fixes a set of vulnerabilities caused by using insecure temporary files
1118 * Fixes an integer overflow in Range resulting in undefined behavior and OOM
1120 * Fixes a vulnerability where missing validation causes `tf.sparse.split` to
1123 * Fixes a `CHECK`-fail when decoding resource handles from proto
1125 * Fixes a `CHECK`-fail with repeated `AttrDef`
1127 * Fixes a heap OOB write in Grappler
1129 * Fixes a `CHECK`-fail when decoding invalid tensors from proto
1131 * Fixes an unitialized variable access in `AssignOp`
1133 * Fixes an integer overflow in `OpLevelCostEstimator::CalculateTensorSize`
1135 * Fixes an integer overflow in `OpLevelCostEstimator::CalculateOutputSize`
1137 * Fixes a null dereference in `GetInitOp`
1139 * Fixes a memory leak when a graph node is invalid
1141 * Fixes an abort caused by allocating a vector that is too large
1143 * Fixes multiple `CHECK`-failures during Grappler's `IsSimplifiableReshape`
1145 * Fixes multiple `CHECK`-failures during Grappler's `SafeToRemoveIdentity`
1147 * Fixes multiple `CHECK`-failures in `TensorByteSize`
1149 * Fixes multiple `CHECK`-failures in binary ops due to type confusion
1151 * Fixes a use after free in `DecodePng` kernel
1153 * Fixes a memory leak in decoding PNG images
1155 * Fixes multiple `CHECK`-fails in `function.cc`
1157 * Fixes multiple `CHECK`-fails due to attempting to build a reference tensor
1159 * Fixes an integer overflow in Grappler cost estimation of crop and resize
1162 * Fixes a null pointer dereference in Grappler's `IsConstant`
1164 * Fixes a `CHECK` failure in constant folding
1166 * Fixes a stack overflow due to self-recursive function in `GraphDef`
1379 ## Bug Fixes and Other Changes
1488 * Fixes a code injection issue in `saved_model_cli`
1490 * Fixes a vulnerability due to use of uninitialized value in Tensorflow
1492 * Fixes a heap OOB in `FusedBatchNorm` kernels
1494 * Fixes an arbitrary memory read in `ImmutableConst`
1496 * Fixes a heap OOB in `SparseBinCount`
1498 * Fixes a heap OOB in `SparseFillEmptyRows`
1500 * Fixes a segfault due to negative splits in `SplitV`
1502 * Fixes segfaults and vulnerabilities caused by accesses to invalid memory
1505 * Fixes a null pointer exception when `Exit` node is not preceded by `Enter`
1508 * Fixes an integer division by 0 in `tf.raw_ops.AllToAll`
1510 * Fixes a use after free and a memory leak in `CollectiveReduceV2`
1512 * Fixes an undefined behavior via `nullptr` reference binding in sparse matrix
1515 * Fixes a heap buffer overflow in `Transpose`
1519 * Fixes a null pointer exception in `DeserializeSparse`
1521 * Fixes an undefined behavior arising from reference binding to `nullptr` in
1524 * Fixes a heap OOB read in `tf.ragged.cross`
1526 * Fixes a heap OOB in shape inference for `QuantizeV2`
1528 * Fixes a heap OOB read in all `tf.raw_ops.QuantizeAndDequantizeV*` ops
1530 * Fixes an FPE in `ParallelConcat`
1532 * Fixes FPE issues in convolutions with zero size filters
1534 * Fixes a heap OOB read in `tf.raw_ops.SparseCountSparseOutput`
1536 * Fixes vulnerabilities caused by incomplete validation in boosted trees code
1538 * Fixes vulnerabilities caused by incomplete validation of shapes in multiple
1541 * Fixes a segfault produced while copying constant resource tensor
1543 * Fixes a vulnerability caused by unitialized access in
1546 * Fixes several vulnerabilities and segfaults caused by missing validation
1549 * Fixes an overflow producing a crash in `tf.range`
1551 * Fixes an overflow producing a crash in `tf.image.resize` when size is large
1553 * Fixes an overflow producing a crash in `tf.tile` when tiling tensor is large
1555 * Fixes a vulnerability produced due to incomplete validation in
1558 * Fixes multiple crashes due to overflow and `CHECK`-fail in ops with large
1561 * Fixes a crash in `max_pool3d` when size argument is 0 or negative
1563 * Fixes a crash in `tf.math.segment_*` operations
1601 Fixes an issue where `keras`, `tensorflow_estimator` and `tensorboard` were
1606 This release introduces several vulnerability fixes:
1608 * Fixes a code injection issue in `saved_model_cli`
1610 * Fixes a vulnerability due to use of uninitialized value in Tensorflow
1612 * Fixes a heap OOB in `FusedBatchNorm` kernels
1614 * Fixes an arbitrary memory read in `ImmutableConst`
1616 * Fixes a heap OOB in `SparseBinCount`
1618 * Fixes a heap OOB in `SparseFillEmptyRows`
1620 * Fixes a segfault due to negative splits in `SplitV`
1622 * Fixes segfaults and vulnerabilities caused by accesses to invalid memory
1625 * Fixes a null pointer exception when `Exit` node is not preceded by `Enter`
1628 * Fixes an integer division by 0 in `tf.raw_ops.AllToAll`
1630 * Fixes a use after free and a memory leak in `CollectiveReduceV2`
1632 * Fixes an undefined behavior via `nullptr` reference binding in sparse matrix
1635 * Fixes a heap buffer overflow in `Transpose`
1639 * Fixes a null pointer exception in `DeserializeSparse`
1641 * Fixes an undefined behavior arising from reference binding to `nullptr` in
1644 * Fixes a heap OOB read in `tf.ragged.cross`
1646 * Fixes a heap OOB in shape inference for `QuantizeV2`
1648 * Fixes a heap OOB read in all `tf.raw_ops.QuantizeAndDequantizeV*` ops
1650 * Fixes an FPE in `ParallelConcat`
1652 * Fixes FPE issues in convolutions with zero size filters
1654 * Fixes a heap OOB read in `tf.raw_ops.SparseCountSparseOutput`
1656 * Fixes vulnerabilities caused by incomplete validation in boosted trees code
1658 * Fixes vulnerabilities caused by incomplete validation of shapes in multiple
1661 * Fixes a segfault produced while copying constant resource tensor
1663 * Fixes a vulnerability caused by unitialized access in
1666 * Fixes several vulnerabilities and segfaults caused by missing validation
1669 * Fixes an overflow producing a crash in `tf.range`
1671 * Fixes an overflow producing a crash in `tf.image.resize` when size is large
1673 * Fixes an overflow producing a crash in `tf.tile` when tiling tensor is large
1675 * Fixes a vulnerability produced due to incomplete validation in
1678 * Fixes multiple crashes due to overflow and `CHECK`-fail in ops with large
1681 * Fixes a crash in `max_pool3d` when size argument is 0 or negative
1683 * Fixes a crash in `tf.math.segment_*` operations
1825 ## Bug Fixes and Other Changes
1954 * Fixes a heap out of bounds access in sparse reduction operations
1956 * Fixes a floating point exception in `SparseDenseCwiseDiv`
1958 * Fixes a null pointer dereference in `CompressElement`
1960 * Fixes a null pointer dereference in `RaggedTensorToTensor`
1962 * Fixes a null pointer dereference and a heap OOB read arising from operations
1965 * Fixes an integer division by 0 in sparse reshaping
1967 * Fixes a division by 0 in `ResourceScatterDiv`
1969 * Fixes a heap OOB in `RaggedGather`
1971 * Fixes a `std::abort` raised from `TensorListReserve`
1973 * Fixes a null pointer dereference in `MatrixDiagPartOp`
1975 * Fixes an integer overflow due to conversion to unsigned
1977 * Fixes a bad allocation error in `StringNGrams` caused by integer conversion
1979 * Fixes a null pointer dereference in `SparseTensorSliceDataset`
1981 * Fixes an incorrect validation of `SaveV2` inputs
1983 * Fixes a null pointer dereference in `UncompressElement`
1985 * Fixes a segfault and a heap buffer overflow in
1988 * Fixes a heap buffer overflow in `FractionalAvgPoolGrad`
1990 * Fixes a use after free in boosted trees creation
1992 * Fixes a division by 0 in `ResourceGather`
1994 * Fixes a heap OOB and a `CHECK` fail in `ResourceGather`
1996 * Fixes a heap OOB in `ResourceScatterUpdate`
1998 * Fixes an undefined behavior arising from reference binding to nullptr in
2001 * Fixes an undefined behavior arising from reference binding to nullptr in
2004 * Fixes an undefined behavior arising from reference binding to nullptr in
2007 * Fixes an undefined behavior arising from reference binding to nullptr and
2010 * Fixes a division by 0 in inplace operations
2012 * Fixes a crash caused by integer conversion to unsigned
2014 * Fixes an undefined behavior arising from reference binding to nullptr in
2017 * Fixes a heap OOB in boosted trees
2019 * Fixes vulnerabilities arising from incomplete validation in `QuantizeV2`
2021 * Fixes vulnerabilities arising from incomplete validation in MKL
2024 * Fixes an undefined behavior arising from reference binding to nullptr in
2027 * Fixes an undefined behavior arising from reference binding to nullptr in
2030 * Fixes an FPE in `tf.raw_ops.UnravelIndex`
2032 * Fixes a crash in NMS ops caused by integer conversion to unsigned
2034 * Fixes a heap OOB in `UpperBound` and `LowerBound`
2036 * Fixes an undefined behavior arising from reference binding to nullptr in map
2039 * Fixes a heap OOB in `SdcaOptimizerV2`
2041 * Fixes a `CHECK`-fail in `MapStage`
2043 * Fixes a vulnerability arising from incomplete validation in `MaxPoolGrad`
2045 * Fixes an undefined behavior arising from reference binding to nullptr in
2048 * Fixes a division by 0 in most convolution operators
2050 * Fixes vulnerabilities arising from missing validation in shape inference for
2053 * Fixes an arbitrary code execution due to YAML deserialization
2055 * Fixes a heap OOB in nested `tf.map_fn` with `RaggedTensor`s
2057 * Fixes a division by zero in TFLite
2059 * Fixes an NPE in TFLite
2061 * Fixes a vulnerability arising from use of unitialized value in TFLite
2063 * Fixes an FPE in TFLite division operations
2065 * Fixes an FPE in TFLite pooling operations
2067 * Fixes an infinite loop in TFLite
2069 * Fixes a heap OOB in TFLite
2071 * Fixes a heap OOB in TFLite's `Gather*` implementations
2073 * Fixes an undefined behavior arising from null pointer dereference in TFLite
2075 * Fixes an undefined behavior arising from null pointer dereference in TFLite
2078 * Fixes a FPE in LSH in TFLite
2080 * Fixes a segfault on strings tensors with mismatched dimensions, arising in
2083 * Fixes a use after free and a potential segfault in shape inference functions
2126 This release introduces several vulnerability fixes:
2128 * Fixes a code injection issue in `saved_model_cli`
2130 * Fixes a vulnerability due to use of uninitialized value in Tensorflow
2132 * Fixes a heap OOB in `FusedBatchNorm` kernels
2134 * Fixes an arbitrary memory read in `ImmutableConst`
2136 * Fixes a heap OOB in `SparseBinCount`
2138 * Fixes a heap OOB in `SparseFillEmptyRows`
2140 * Fixes a segfault due to negative splits in `SplitV`
2142 * Fixes segfaults and vulnerabilities caused by accesses to invalid memory
2145 * Fixes a null pointer exception when `Exit` node is not preceded by `Enter`
2148 * Fixes an integer division by 0 in `tf.raw_ops.AllToAll`
2150 * Fixes an undefined behavior via `nullptr` reference binding in sparse matrix
2153 * Fixes a heap buffer overflow in `Transpose`
2157 * Fixes a null pointer exception in `DeserializeSparse`
2159 * Fixes an undefined behavior arising from reference binding to `nullptr` in
2162 * Fixes a heap OOB read in `tf.ragged.cross`
2164 * Fixes a heap OOB read in all `tf.raw_ops.QuantizeAndDequantizeV*` ops
2166 * Fixes an FPE in `ParallelConcat`
2168 * Fixes FPE issues in convolutions with zero size filters
2170 * Fixes a heap OOB read in `tf.raw_ops.SparseCountSparseOutput`
2172 * Fixes vulnerabilities caused by incomplete validation in boosted trees code
2174 * Fixes vulnerabilities caused by incomplete validation of shapes in multiple
2177 * Fixes a segfault produced while copying constant resource tensor
2179 * Fixes a vulnerability caused by unitialized access in
2182 * Fixes several vulnerabilities and segfaults caused by missing validation
2185 * Fixes an overflow producing a crash in `tf.range`
2187 * Fixes an overflow producing a crash in `tf.image.resize` when size is large
2189 * Fixes an overflow producing a crash in `tf.tile` when tiling tensor is large
2191 * Fixes a vulnerability produced due to incomplete validation in
2194 * Fixes multiple crashes due to overflow and `CHECK`-fail in ops with large
2197 * Fixes a crash in `max_pool3d` when size argument is 0 or negative
2199 * Fixes a crash in `tf.math.segment_*` operations
2211 This release introduces several vulnerability fixes:
2213 * Fixes a heap out of bounds access in sparse reduction operations
2215 * Fixes a floating point exception in `SparseDenseCwiseDiv`
2217 * Fixes a null pointer dereference in `CompressElement`
2219 * Fixes a null pointer dereference in `RaggedTensorToTensor`
2221 * Fixes a null pointer dereference and a heap OOB read arising from operations
2224 * Fixes an integer division by 0 in sparse reshaping
2226 * Fixes a division by 0 in `ResourceScatterDiv`
2228 * Fixes a heap OOB in `RaggedGather`
2230 * Fixes a `std::abort` raised from `TensorListReserve`
2232 * Fixes a null pointer dereference in `MatrixDiagPartOp`
2234 * Fixes an integer overflow due to conversion to unsigned
2236 * Fixes a bad allocation error in `StringNGrams` caused by integer conversion
2238 * Fixes a null pointer dereference in `SparseTensorSliceDataset`
2240 * Fixes an incorrect validation of `SaveV2` inputs
2242 * Fixes a null pointer dereference in `UncompressElement`
2244 * Fixes a segfault and a heap buffer overflow in
2247 * Fixes a heap buffer overflow in `FractionalAvgPoolGrad`
2249 * Fixes a use after free in boosted trees creation
2251 * Fixes a division by 0 in `ResourceGather`
2253 * Fixes a heap OOB and a `CHECK` fail in `ResourceGather`
2255 * Fixes a heap OOB in `ResourceScatterUpdate`
2257 * Fixes an undefined behavior arising from reference binding to nullptr in
2260 * Fixes an undefined behavior arising from reference binding to nullptr in
2263 * Fixes an undefined behavior arising from reference binding to nullptr in
2266 * Fixes an undefined behavior arising from reference binding to nullptr and
2269 * Fixes a division by 0 in inplace operations
2271 * Fixes a crash caused by integer conversion to unsigned
2273 * Fixes an undefined behavior arising from reference binding to nullptr in
2276 * Fixes a heap OOB in boosted trees
2278 * Fixes vulnerabilities arising from incomplete validation in `QuantizeV2`
2280 * Fixes vulnerabilities arising from incomplete validation in MKL
2283 * Fixes an undefined behavior arising from reference binding to nullptr in
2286 * Fixes an undefined behavior arising from reference binding to nullptr in
2289 * Fixes an FPE in `tf.raw_ops.UnravelIndex`
2291 * Fixes a crash in NMS ops caused by integer conversion to unsigned
2293 * Fixes a heap OOB in `UpperBound` and `LowerBound`
2295 * Fixes an undefined behavior arising from reference binding to nullptr in map
2298 * Fixes a heap OOB in `SdcaOptimizerV2`
2300 * Fixes a `CHECK`-fail in `MapStage`
2302 * Fixes a vulnerability arising from incomplete validation in `MaxPoolGrad`
2304 * Fixes an undefined behavior arising from reference binding to nullptr in
2307 * Fixes a division by 0 in most convolution operators
2309 * Fixes vulnerabilities arising from missing validation in shape inference for
2312 * Fixes an arbitrary code execution due to YAML deserialization
2314 * Fixes a heap OOB in nested `tf.map_fn` with `RaggedTensor`s
2316 * Fixes a division by zero in TFLite
2318 * Fixes an NPE in TFLite
2320 * Fixes a vulnerability arising from use of unitialized value in TFLite
2322 * Fixes an FPE in TFLite division operations
2324 * Fixes an FPE in TFLite pooling operations
2326 * Fixes an infinite loop in TFLite
2328 * Fixes a heap OOB in TFLite
2330 * Fixes a heap OOB in TFLite's `Gather*` implementations
2332 * Fixes an undefined behavior arising from null pointer dereference in TFLite
2334 * Fixes an undefined behavior arising from null pointer dereference in TFLite
2337 * Fixes a FPE in LSH in TFLite
2339 * Fixes a segfault on strings tensors with mismatched dimensions, arising in
2342 * Fixes a use after free and a potential segfault in shape inference functions
2353 This release introduces several vulnerability fixes:
2355 * Fixes a code injection issue in `saved_model_cli`
2357 * Fixes a vulnerability due to use of uninitialized value in Tensorflow
2359 * Fixes a heap OOB in `FusedBatchNorm` kernels
2361 * Fixes an arbitrary memory read in `ImmutableConst`
2363 * Fixes a heap OOB in `SparseBinCount`
2365 * Fixes a heap OOB in `SparseFillEmptyRows`
2367 * Fixes a segfault due to negative splits in `SplitV`
2369 * Fixes segfaults and vulnerabilities caused by accesses to invalid memory
2372 * Fixes a null pointer exception when `Exit` node is not preceded by `Enter`
2375 * Fixes an integer division by 0 in `tf.raw_ops.AllToAll`
2377 * Fixes an undefined behavior via `nullptr` reference binding in sparse matrix
2380 * Fixes a heap buffer overflow in `Transpose`
2384 * Fixes a null pointer exception in `DeserializeSparse`
2386 * Fixes an undefined behavior arising from reference binding to `nullptr` in
2389 * Fixes a heap OOB read in `tf.ragged.cross`
2391 * Fixes a heap OOB read in all `tf.raw_ops.QuantizeAndDequantizeV*` ops
2393 * Fixes an FPE in `ParallelConcat`
2395 * Fixes FPE issues in convolutions with zero size filters
2397 * Fixes a heap OOB read in `tf.raw_ops.SparseCountSparseOutput`
2399 * Fixes vulnerabilities caused by incomplete validation in boosted trees code
2401 * Fixes vulnerabilities caused by incomplete validation of shapes in multiple
2404 * Fixes a segfault produced while copying constant resource tensor
2406 * Fixes a vulnerability caused by unitialized access in
2409 * Fixes several vulnerabilities and segfaults caused by missing validation
2412 * Fixes an overflow producing a crash in `tf.range`
2414 * Fixes an overflow producing a crash in `tf.image.resize` when size is large
2416 * Fixes an overflow producing a crash in `tf.tile` when tiling tensor is large
2418 * Fixes a vulnerability produced due to incomplete validation in
2421 * Fixes multiple crashes due to overflow and `CHECK`-fail in ops with large
2424 * Fixes a crash in `max_pool3d` when size argument is 0 or negative
2426 * Fixes a crash in `tf.math.segment_*` operations
2438 This release introduces several vulnerability fixes:
2440 * Fixes a heap out of bounds access in sparse reduction operations
2442 * Fixes a floating point exception in `SparseDenseCwiseDiv`
2444 * Fixes a null pointer dereference in `CompressElement`
2446 * Fixes a null pointer dereference in `RaggedTensorToTensor`
2448 * Fixes a null pointer dereference and a heap OOB read arising from operations
2451 * Fixes an integer division by 0 in sparse reshaping
2453 * Fixes a division by 0 in `ResourceScatterDiv`
2455 * Fixes a heap OOB in `RaggedGather`
2457 * Fixes a `std::abort` raised from `TensorListReserve`
2459 * Fixes a null pointer dereference in `MatrixDiagPartOp`
2461 * Fixes an integer overflow due to conversion to unsigned
2463 * Fixes a bad allocation error in `StringNGrams` caused by integer conversion
2465 * Fixes a null pointer dereference in `SparseTensorSliceDataset`
2467 * Fixes an incorrect validation of `SaveV2` inputs
2469 * Fixes a null pointer dereference in `UncompressElement`
2471 * Fixes a segfault and a heap buffer overflow in
2474 * Fixes a heap buffer overflow in `FractionalAvgPoolGrad`
2476 * Fixes a use after free in boosted trees creation
2478 * Fixes a division by 0 in `ResourceGather`
2480 * Fixes a heap OOB and a `CHECK` fail in `ResourceGather`
2482 * Fixes a heap OOB in `ResourceScatterUpdate`
2484 * Fixes an undefined behavior arising from reference binding to nullptr in
2487 * Fixes an undefined behavior arising from reference binding to nullptr in
2490 * Fixes an undefined behavior arising from reference binding to nullptr in
2493 * Fixes an undefined behavior arising from reference binding to nullptr and
2496 * Fixes a division by 0 in inplace operations
2498 * Fixes a crash caused by integer conversion to unsigned
2500 * Fixes an undefined behavior arising from reference binding to nullptr in
2503 * Fixes a heap OOB in boosted trees
2505 * Fixes vulnerabilities arising from incomplete validation in `QuantizeV2`
2507 * Fixes vulnerabilities arising from incomplete validation in MKL
2510 * Fixes an undefined behavior arising from reference binding to nullptr in
2513 * Fixes an undefined behavior arising from reference binding to nullptr in
2516 * Fixes an FPE in `tf.raw_ops.UnravelIndex`
2518 * Fixes a crash in NMS ops caused by integer conversion to unsigned
2520 * Fixes a heap OOB in `UpperBound` and `LowerBound`
2522 * Fixes an undefined behavior arising from reference binding to nullptr in map
2525 * Fixes a heap OOB in `SdcaOptimizerV2`
2527 * Fixes a `CHECK`-fail in `MapStage`
2529 * Fixes a vulnerability arising from incomplete validation in `MaxPoolGrad`
2531 * Fixes an undefined behavior arising from reference binding to nullptr in
2534 * Fixes a division by 0 in most convolution operators
2536 * Fixes vulnerabilities arising from missing validation in shape inference for
2539 * Fixes an arbitrary code execution due to YAML deserialization
2541 * Fixes a heap OOB in nested `tf.map_fn` with `RaggedTensor`s
2543 * Fixes a division by zero in TFLite
2545 * Fixes an NPE in TFLite
2547 * Fixes a vulnerability arising from use of unitialized value in TFLite
2549 * Fixes an FPE in TFLite division operations
2551 * Fixes an FPE in TFLite pooling operations
2553 * Fixes an infinite loop in TFLite
2555 * Fixes a heap OOB in TFLite
2557 * Fixes a heap OOB in TFLite's `Gather*` implementations
2559 * Fixes an undefined behavior arising from null pointer dereference in TFLite
2561 * Fixes an undefined behavior arising from null pointer dereference in TFLite
2564 * Fixes a FPE in LSH in TFLite
2566 * Fixes a segfault on strings tensors with mismatched dimensions, arising in
2569 * Fixes a use after free and a potential segfault in shape inference functions
2580 This release introduces several vulnerability fixes:
2582 * Fixes a heap out of bounds access in sparse reduction operations
2584 * Fixes a floating point exception in `SparseDenseCwiseDiv`
2586 * Fixes a null pointer dereference in `CompressElement`
2588 * Fixes a null pointer dereference in `RaggedTensorToTensor`
2590 * Fixes a null pointer dereference and a heap OOB read arising from operations
2593 * Fixes an integer division by 0 in sparse reshaping
2595 * Fixes a division by 0 in `ResourceScatterDiv`
2597 * Fixes a heap OOB in `RaggedGather`
2599 * Fixes a `std::abort` raised from `TensorListReserve`
2601 * Fixes a null pointer dereference in `MatrixDiagPartOp`
2603 * Fixes an integer overflow due to conversion to unsigned
2605 * Fixes a bad allocation error in `StringNGrams` caused by integer conversion
2607 * Fixes a null pointer dereference in `SparseTensorSliceDataset`
2609 * Fixes an incorrect validation of `SaveV2` inputs
2611 * Fixes a null pointer dereference in `UncompressElement`
2613 * Fixes a segfault and a heap buffer overflow in
2616 * Fixes a heap buffer overflow in `FractionalAvgPoolGrad`
2618 * Fixes a use after free in boosted trees creation
2620 * Fixes a division by 0 in `ResourceGather`
2622 * Fixes a heap OOB and a `CHECK` fail in `ResourceGather`
2624 * Fixes a heap OOB in `ResourceScatterUpdate`
2626 * Fixes an undefined behavior arising from reference binding to nullptr in
2629 * Fixes an undefined behavior arising from reference binding to nullptr in
2632 * Fixes an undefined behavior arising from reference binding to nullptr in
2635 * Fixes an undefined behavior arising from reference binding to nullptr and
2638 * Fixes a division by 0 in inplace operations
2640 * Fixes a crash caused by integer conversion to unsigned
2642 * Fixes an undefined behavior arising from reference binding to nullptr in
2645 * Fixes a heap OOB in boosted trees
2647 * Fixes vulnerabilities arising from incomplete validation in `QuantizeV2`
2649 * Fixes vulnerabilities arising from incomplete validation in MKL
2652 * Fixes an undefined behavior arising from reference binding to nullptr in
2655 * Fixes an undefined behavior arising from reference binding to nullptr in
2658 * Fixes an FPE in `tf.raw_ops.UnravelIndex`
2660 * Fixes a crash in NMS ops caused by integer conversion to unsigned
2662 * Fixes a heap OOB in `UpperBound` and `LowerBound`
2664 * Fixes an undefined behavior arising from reference binding to nullptr in map
2667 * Fixes a heap OOB in `SdcaOptimizerV2`
2669 * Fixes a `CHECK`-fail in `MapStage`
2671 * Fixes a vulnerability arising from incomplete validation in `MaxPoolGrad`
2673 * Fixes an undefined behavior arising from reference binding to nullptr in
2676 * Fixes a division by 0 in most convolution operators
2678 * Fixes vulnerabilities arising from missing validation in shape inference for
2681 * Fixes an arbitrary code execution due to YAML deserialization
2683 * Fixes a heap OOB in nested `tf.map_fn` with `RaggedTensor`s
2685 * Fixes a division by zero in TFLite
2687 * Fixes an NPE in TFLite
2689 * Fixes a vulnerability arising from use of unitialized value in TFLite
2691 * Fixes an FPE in TFLite division operations
2693 * Fixes an FPE in TFLite pooling operations
2695 * Fixes an infinite loop in TFLite
2697 * Fixes a heap OOB in TFLite
2699 * Fixes a heap OOB in TFLite's `Gather*` implementations
2701 * Fixes an undefined behavior arising from null pointer dereference in TFLite
2703 * Fixes an undefined behavior arising from null pointer dereference in TFLite
2706 * Fixes a FPE in LSH in TFLite
2708 * Fixes a segfault on strings tensors with mismatched dimensions, arising in
2711 * Fixes a use after free and a potential segfault in shape inference functions
2722 This release introduces several vulnerability fixes:
2724 * Fixes a heap buffer overflow in `RaggedBinCount`
2726 * Fixes a heap out of bounds write in `RaggedBinCount`
2728 * Fixes a type confusion during tensor casts which leads to dereferencing null
2731 * Fixes a reference binding to null pointer in `MatrixDiag*` ops
2733 * Fixes a null pointer dereference via invalid Ragged Tensors
2735 * Fixes a division by zero in `Conv3D`
2737 * Fixes vulnerabilities where session operations in eager mode lead to null
2740 * Fixes a `CHECK`-fail in `SparseCross` caused by type confusion
2742 * Fixes a segfault in `SparseCountSparseOutput`
2744 * Fixes a heap buffer overflow in `Conv3DBackprop*`
2746 * Fixes a division by 0 in `Conv3DBackprop*`
2748 * Fixes a `CHECK`-fail in `AddManySparseToTensorsMap`
2750 * Fixes a division by 0 in `Conv2DBackpropFilter`
2752 * Fixes a division by 0 in `Conv2DBackpropInput`
2754 * Fixes a division by 0 in `Conv2D`
2756 * Fixes a division by 0 in `QuantizedConv2D`
2758 * Fixes a division by 0 in `QuantizedMul`
2760 * Fixes vulnerabilities caused by invalid validation in
2763 * Fixes a heap buffer overflow caused by rounding
2765 * Fixes a `CHECK`-fail in `tf.raw_ops.EncodePng`
2767 * Fixes a heap out of bounds read in `RaggedCross`
2769 * Fixes a `CHECK`-fail in `DrawBoundingBoxes`
2771 * Fixes a heap buffer overflow in `QuantizedMul`
2773 * Fixes a `CHECK`-fail in `SparseConcat`
2775 * Fixes a heap buffer overflow in `QuantizedResizeBilinear`
2777 * Fixes a heap buffer overflow in `QuantizedReshape`
2779 * Fixes a division by zero in `Conv2DBackpropFilter`
2781 * Fixes a heap buffer overflow in `Conv2DBackpropFilter`
2783 * Fixes a heap buffer overflow in `StringNGrams`
2785 * Fixes a null pointer dereference in `StringNGrams`
2787 * Fixes a `CHECK`-fail in `QuantizeAndDequantizeV4Grad`
2789 * Fixes a `CHECK`-fail in `CTCGreedyDecoder`
2791 * Fixes a heap buffer overflow in `SparseTensorToCSRSparseMatrix`
2793 * Fixes a division by 0 in `QuantizedBiasAdd`
2795 * Fixes a heap out of bounds in `QuantizedBatchNormWithGlobalNormalization`
2797 * Fixes a division by 0 in `QuantizedBatchNormWithGlobalNormalization`
2799 * Fixes a division by 0 in `QuantizedAdd`
2801 * Fixes a division by 0 in `FractionalAvgPool`
2803 * Fixes an OOB read in `MatrixTriangularSolve`
2805 * Fixes a heap OOB in `QuantizeAndDequantizeV3`
2807 * Fixes a `CHECK`-failure in `UnsortedSegmentJoin`
2809 * Fixes a division by 0 in `DenseCountSparseOutput`
2811 * Fixes a division by 0 in `FusedBatchNorm`
2813 * Fixes a division by 0 in `SparseMatMul`
2815 * Fixes a division by 0 in `Reverse`
2817 * Fixes a heap buffer overflow in `SparseSplit`
2819 * Fixes a heap OOB access in unicode ops
2821 * Fixes a heap buffer overflow in `RaggedTensorToTensor`
2823 * Fixes a `CHECK`-fail in `LoadAndRemapMatrix`
2825 * Fixes a `CHECK`-fail in `tf.raw_ops.IRFFT`
2827 * Fixes a `CHECK`-fail in `tf.raw_ops.RFFT`
2829 * Fixes a null pointer dereference in `EditDistance`
2831 * Fixes a null pointer dereference in `SparseFillEmptyRows`
2833 * Fixes a heap OOB access in `Dilation2DBackpropInput`
2835 * Fixes a reference binding to null in `ParameterizedTruncatedNormal`
2837 * Fixes a set of vulnerabilities caused by lack of validation in
2840 * Fixes a heap out of bounds read in `MaxPoolGradWithArgmax`
2842 * Fixes a heap out of bounds read in `RequantizationRange`
2844 * Fixes a memory corruption in `DrawBoundingBoxesV2`
2846 * Fixes a reference binding to nullptr in `SdcaOptimizer`
2848 * Fixes an overflow and a denial of service in `tf.raw_ops.ReverseSequence`
2850 * Fixes a division by 0 in `MaxPoolGradWithArgmax`
2852 * Fixes an undefined behavior in `MaxPool3DGradGrad`
2854 * Fixes a heap buffer overflow in `MaxPool3DGradGrad`
2856 * Fixes a heap buffer overflow in `AvgPool3DGrad`
2858 * Fixes an undefined behavior and a `CHECK`-fail in `FractionalMaxPoolGrad`
2860 * Fixes a heap buffer overflow in `FractionalAvgPoolGrad`
2862 * Fixes a heap buffer overflow in `MaxPoolGrad`
2864 * Fixes a segfault in `CTCBeamSearchDecoder`
2866 * Fixes a heap OOB read in `tf.raw_ops.Dequantize`
2868 * Fixes a `CHECK`-fail due to integer overflow
2870 * Fixes a heap buffer overflow and undefined behavior in `FusedBatchNorm`
2872 * Fixes a division by zero in padding computation in TFLite
2874 * Fixes a division by zero in optimized pooling implementations in TFLite
2876 * Fixes a division by zero in TFLite's implementation of `SpaceToDepth`
2878 * Fixes a division by zero in TFLite's implementation of `GatherNd`
2880 * Fixes a division by zero in TFLite's implementation of `TransposeConv`
2882 * Fixes a heap OOB read in TFLite's implementation of `Minimum` or `Maximum`
2884 * Fixes a null pointer dereference in TFLite's `Reshape` operator
2886 * Fixes a stack overflow due to looping TFLite subgraph
2888 * Fixes a division by zero in TFLite's implementation of `DepthToSpace`
2890 * Fixes a division by zero in TFLite's convolution code
2892 * Fixes a division by zero in TFLite's implementation of `EmbeddingLookup`
2894 * Fixes a division by zero in TFLite's implementation of `BatchToSpaceNd`
2896 * Fixes a division by zero in TFLite's implementation of `SpaceToBatchNd`
2898 * Fixes a division by zero in TFLite's implementation of `SVDF`
2900 * Fixes a division by zero in TFLite's implementation of `Split`
2902 * Fixes a division by zero in TFLite's implementation of `OneHot`
2904 * Fixes a division by zero in TFLite's implementation of `DepthwiseConv`
2906 * Fixes a division by zero in TFLite's implementation of hashtable lookup
2908 * Fixes a integer overflow in TFLite concatentation
2910 * Fixes a integer overflow in TFLite memory allocation
2912 * Fixes a heap OOB write in TFLite
2914 * Fixes a heap OOB read in TFLite
2916 * Fixes a heap OOB and null pointer dereference in `RaggedTensorToTensor`
2918 * Fixes vulnerabilities caused by incomplete validation in `SparseAdd`
2920 * Fixes vulnerabilities caused by incomplete validation in
2923 * Fixes vulnerabilities caused by incomplete validation in `SparseReshape`
2925 * Fixes vulnerabilities caused by invalid validation in
2928 * Fixes a heap buffer overflow in `BandedTriangularSolve`
2930 * Fixes vulnerabilities caused by incomplete validation in
2933 * Fixes an interpreter crash from vulnerabilities in `tf.io.decode_raw`
2935 * Fixes a stack overflow in `ParseAttrValue` with nested tensors
2937 * Fixes a null dereference in Grappler's `TrySimplify`
2939 * Fixes a crash in `tf.transpose` with complex inputs
2941 * Fixes a crash in `tf.strings.substr` due to `CHECK`-fail
2943 * Fixes a segfault in `tf.raw_ops.SparseCountSparseOutput`
2945 * Fixes a segfault in `tf.raw_ops.ImmutableConst`
2958 This release introduces several vulnerability fixes:
2960 * Fixes a heap buffer overflow in `RaggedBinCount`
2962 * Fixes a heap out of bounds write in `RaggedBinCount`
2964 * Fixes a type confusion during tensor casts which leads to dereferencing null
2967 * Fixes a reference binding to null pointer in `MatrixDiag*` ops
2969 * Fixes a null pointer dereference via invalid Ragged Tensors
2971 * Fixes a division by zero in `Conv3D`
2973 * Fixes vulnerabilities where session operations in eager mode lead to null
2976 * Fixes a `CHECK`-fail in `SparseCross` caused by type confusion
2978 * Fixes a segfault in `SparseCountSparseOutput`
2980 * Fixes a heap buffer overflow in `Conv3DBackprop*`
2982 * Fixes a division by 0 in `Conv3DBackprop*`
2984 * Fixes a `CHECK`-fail in `AddManySparseToTensorsMap`
2986 * Fixes a division by 0 in `Conv2DBackpropFilter`
2988 * Fixes a division by 0 in `Conv2DBackpropInput`
2990 * Fixes a division by 0 in `Conv2D`
2992 * Fixes a division by 0 in `QuantizedConv2D`
2994 * Fixes a division by 0 in `QuantizedMul`
2996 * Fixes vulnerabilities caused by invalid validation in
2999 * Fixes a heap buffer overflow caused by rounding
3001 * Fixes a `CHECK`-fail in `tf.raw_ops.EncodePng`
3003 * Fixes a heap out of bounds read in `RaggedCross`
3005 * Fixes a `CHECK`-fail in `DrawBoundingBoxes`
3007 * Fixes a heap buffer overflow in `QuantizedMul`
3009 * Fixes a `CHECK`-fail in `SparseConcat`
3011 * Fixes a heap buffer overflow in `QuantizedResizeBilinear`
3013 * Fixes a heap buffer overflow in `QuantizedReshape`
3015 * Fixes a division by zero in `Conv2DBackpropFilter`
3017 * Fixes a heap buffer overflow in `Conv2DBackpropFilter`
3019 * Fixes a heap buffer overflow in `StringNGrams`
3021 * Fixes a null pointer dereference in `StringNGrams`
3023 * Fixes a `CHECK`-fail in `QuantizeAndDequantizeV4Grad`
3025 * Fixes a `CHECK`-fail in `CTCGreedyDecoder`
3027 * Fixes a heap buffer overflow in `SparseTensorToCSRSparseMatrix`
3029 * Fixes a division by 0 in `QuantizedBiasAdd`
3031 * Fixes a heap out of bounds in `QuantizedBatchNormWithGlobalNormalization`
3033 * Fixes a division by 0 in `QuantizedBatchNormWithGlobalNormalization`
3035 * Fixes a division by 0 in `QuantizedAdd`
3037 * Fixes a division by 0 in `FractionalAvgPool`
3039 * Fixes an OOB read in `MatrixTriangularSolve`
3041 * Fixes a heap OOB in `QuantizeAndDequantizeV3`
3043 * Fixes a `CHECK`-failure in `UnsortedSegmentJoin`
3045 * Fixes a division by 0 in `DenseCountSparseOutput`
3047 * Fixes a division by 0 in `FusedBatchNorm`
3049 * Fixes a division by 0 in `SparseMatMul`
3051 * Fixes a division by 0 in `Reverse`
3053 * Fixes a heap buffer overflow in `SparseSplit`
3055 * Fixes a heap OOB access in unicode ops
3057 * Fixes a heap buffer overflow in `RaggedTensorToTensor`
3059 * Fixes a `CHECK`-fail in `LoadAndRemapMatrix`
3061 * Fixes a `CHECK`-fail in `tf.raw_ops.IRFFT`
3063 * Fixes a `CHECK`-fail in `tf.raw_ops.RFFT`
3065 * Fixes a null pointer dereference in `EditDistance`
3067 * Fixes a null pointer dereference in `SparseFillEmptyRows`
3069 * Fixes a heap OOB access in `Dilation2DBackpropInput`
3071 * Fixes a reference binding to null in `ParameterizedTruncatedNormal`
3073 * Fixes a set of vulnerabilities caused by lack of validation in
3076 * Fixes a heap out of bounds read in `MaxPoolGradWithArgmax`
3078 * Fixes a heap out of bounds read in `RequantizationRange`
3080 * Fixes a memory corruption in `DrawBoundingBoxesV2`
3082 * Fixes a reference binding to nullptr in `SdcaOptimizer`
3084 * Fixes an overflow and a denial of service in `tf.raw_ops.ReverseSequence`
3086 * Fixes a division by 0 in `MaxPoolGradWithArgmax`
3088 * Fixes an undefined behavior in `MaxPool3DGradGrad`
3090 * Fixes a heap buffer overflow in `MaxPool3DGradGrad`
3092 * Fixes a heap buffer overflow in `AvgPool3DGrad`
3094 * Fixes an undefined behavior and a `CHECK`-fail in `FractionalMaxPoolGrad`
3096 * Fixes a heap buffer overflow in `FractionalAvgPoolGrad`
3098 * Fixes a heap buffer overflow in `MaxPoolGrad`
3100 * Fixes a segfault in `CTCBeamSearchDecoder`
3102 * Fixes a heap OOB read in `tf.raw_ops.Dequantize`
3104 * Fixes a `CHECK`-fail due to integer overflow
3106 * Fixes a heap buffer overflow and undefined behavior in `FusedBatchNorm`
3108 * Fixes a division by zero in padding computation in TFLite
3110 * Fixes a division by zero in optimized pooling implementations in TFLite
3112 * Fixes a division by zero in TFLite's implementation of `SpaceToDepth`
3114 * Fixes a division by zero in TFLite's implementation of `GatherNd`
3116 * Fixes a division by zero in TFLite's implementation of `TransposeConv`
3118 * Fixes a heap OOB read in TFLite's implementation of `Minimum` or `Maximum`
3120 * Fixes a null pointer dereference in TFLite's `Reshape` operator
3122 * Fixes a stack overflow due to looping TFLite subgraph
3124 * Fixes a division by zero in TFLite's implementation of `DepthToSpace`
3126 * Fixes a division by zero in TFLite's convolution code
3128 * Fixes a division by zero in TFLite's implementation of `EmbeddingLookup`
3130 * Fixes a division by zero in TFLite's implementation of `BatchToSpaceNd`
3132 * Fixes a division by zero in TFLite's implementation of `SpaceToBatchNd`
3134 * Fixes a division by zero in TFLite's implementation of `SVDF`
3136 * Fixes a division by zero in TFLite's implementation of `Split`
3138 * Fixes a division by zero in TFLite's implementation of `OneHot`
3140 * Fixes a division by zero in TFLite's implementation of `DepthwiseConv`
3142 * Fixes a division by zero in TFLite's implementation of hashtable lookup
3144 * Fixes a integer overflow in TFLite concatentation
3146 * Fixes a integer overflow in TFLite memory allocation
3148 * Fixes a heap OOB write in TFLite
3150 * Fixes a heap OOB read in TFLite
3152 * Fixes a heap OOB and null pointer dereference in `RaggedTensorToTensor`
3154 * Fixes vulnerabilities caused by incomplete validation in `SparseAdd`
3156 * Fixes vulnerabilities caused by incomplete validation in
3159 * Fixes vulnerabilities caused by incomplete validation in `SparseReshape`
3161 * Fixes vulnerabilities caused by invalid validation in
3164 * Fixes a heap buffer overflow in `BandedTriangularSolve`
3166 * Fixes vulnerabilities caused by incomplete validation in
3169 * Fixes an interpreter crash from vulnerabilities in `tf.io.decode_raw`
3171 * Fixes a stack overflow in `ParseAttrValue` with nested tensors
3173 * Fixes a null dereference in Grappler's `TrySimplify`
3175 * Fixes a crash in `tf.transpose` with complex inputs
3177 * Fixes a crash in `tf.strings.substr` due to `CHECK`-fail
3179 * Fixes a segfault in `tf.raw_ops.SparseCountSparseOutput`
3181 * Fixes a segfault in `tf.raw_ops.ImmutableConst`
3194 This release introduces several vulnerability fixes:
3196 * Fixes a heap buffer overflow in `RaggedBinCount`
3198 * Fixes a heap out of bounds write in `RaggedBinCount`
3200 * Fixes a type confusion during tensor casts which leads to dereferencing null
3203 * Fixes a reference binding to null pointer in `MatrixDiag*` ops
3205 * Fixes a null pointer dereference via invalid Ragged Tensors
3207 * Fixes a division by zero in `Conv3D`
3209 * Fixes vulnerabilities where session operations in eager mode lead to null
3212 * Fixes a `CHECK`-fail in `SparseCross` caused by type confusion
3214 * Fixes a segfault in `SparseCountSparseOutput`
3216 * Fixes a heap buffer overflow in `Conv3DBackprop*`
3218 * Fixes a division by 0 in `Conv3DBackprop*`
3220 * Fixes a `CHECK`-fail in `AddManySparseToTensorsMap`
3222 * Fixes a division by 0 in `Conv2DBackpropFilter`
3224 * Fixes a division by 0 in `Conv2DBackpropInput`
3226 * Fixes a division by 0 in `Conv2D`
3228 * Fixes a division by 0 in `QuantizedConv2D`
3230 * Fixes a division by 0 in `QuantizedMul`
3232 * Fixes vulnerabilities caused by invalid validation in
3235 * Fixes a heap buffer overflow caused by rounding
3237 * Fixes a `CHECK`-fail in `tf.raw_ops.EncodePng`
3239 * Fixes a heap out of bounds read in `RaggedCross`
3241 * Fixes a `CHECK`-fail in `DrawBoundingBoxes`
3243 * Fixes a heap buffer overflow in `QuantizedMul`
3245 * Fixes a `CHECK`-fail in `SparseConcat`
3247 * Fixes a heap buffer overflow in `QuantizedResizeBilinear`
3249 * Fixes a heap buffer overflow in `QuantizedReshape`
3251 * Fixes a division by zero in `Conv2DBackpropFilter`
3253 * Fixes a heap buffer overflow in `Conv2DBackpropFilter`
3255 * Fixes a heap buffer overflow in `StringNGrams`
3257 * Fixes a null pointer dereference in `StringNGrams`
3259 * Fixes a `CHECK`-fail in `QuantizeAndDequantizeV4Grad`
3261 * Fixes a `CHECK`-fail in `CTCGreedyDecoder`
3263 * Fixes a heap buffer overflow in `SparseTensorToCSRSparseMatrix`
3265 * Fixes a division by 0 in `QuantizedBiasAdd`
3267 * Fixes a heap out of bounds in `QuantizedBatchNormWithGlobalNormalization`
3269 * Fixes a division by 0 in `QuantizedBatchNormWithGlobalNormalization`
3271 * Fixes a division by 0 in `QuantizedAdd`
3273 * Fixes a division by 0 in `FractionalAvgPool`
3275 * Fixes an OOB read in `MatrixTriangularSolve`
3277 * Fixes a heap OOB in `QuantizeAndDequantizeV3`
3279 * Fixes a `CHECK`-failure in `UnsortedSegmentJoin`
3281 * Fixes a division by 0 in `DenseCountSparseOutput`
3283 * Fixes a division by 0 in `FusedBatchNorm`
3285 * Fixes a division by 0 in `SparseMatMul`
3287 * Fixes a division by 0 in `Reverse`
3289 * Fixes a heap buffer overflow in `SparseSplit`
3291 * Fixes a heap OOB access in unicode ops
3293 * Fixes a heap buffer overflow in `RaggedTensorToTensor`
3295 * Fixes a `CHECK`-fail in `LoadAndRemapMatrix`
3297 * Fixes a `CHECK`-fail in `tf.raw_ops.IRFFT`
3299 * Fixes a `CHECK`-fail in `tf.raw_ops.RFFT`
3301 * Fixes a null pointer dereference in `EditDistance`
3303 * Fixes a null pointer dereference in `SparseFillEmptyRows`
3305 * Fixes a heap OOB access in `Dilation2DBackpropInput`
3307 * Fixes a reference binding to null in `ParameterizedTruncatedNormal`
3309 * Fixes a set of vulnerabilities caused by lack of validation in
3312 * Fixes a heap out of bounds read in `MaxPoolGradWithArgmax`
3314 * Fixes a heap out of bounds read in `RequantizationRange`
3316 * Fixes a memory corruption in `DrawBoundingBoxesV2`
3318 * Fixes a reference binding to nullptr in `SdcaOptimizer`
3320 * Fixes an overflow and a denial of service in `tf.raw_ops.ReverseSequence`
3322 * Fixes a division by 0 in `MaxPoolGradWithArgmax`
3324 * Fixes an undefined behavior in `MaxPool3DGradGrad`
3326 * Fixes a heap buffer overflow in `MaxPool3DGradGrad`
3328 * Fixes a heap buffer overflow in `AvgPool3DGrad`
3330 * Fixes an undefined behavior and a `CHECK`-fail in `FractionalMaxPoolGrad`
3332 * Fixes a heap buffer overflow in `FractionalAvgPoolGrad`
3334 * Fixes a heap buffer overflow in `MaxPoolGrad`
3336 * Fixes a segfault in `CTCBeamSearchDecoder`
3338 * Fixes a heap OOB read in `tf.raw_ops.Dequantize`
3340 * Fixes a `CHECK`-fail due to integer overflow
3342 * Fixes a heap buffer overflow and undefined behavior in `FusedBatchNorm`
3344 * Fixes a division by zero in padding computation in TFLite
3346 * Fixes a division by zero in optimized pooling implementations in TFLite
3348 * Fixes a division by zero in TFLite's implementation of `SpaceToDepth`
3350 * Fixes a division by zero in TFLite's implementation of `GatherNd`
3352 * Fixes a division by zero in TFLite's implementation of `TransposeConv`
3354 * Fixes a heap OOB read in TFLite's implementation of `Minimum` or `Maximum`
3356 * Fixes a null pointer dereference in TFLite's `Reshape` operator
3358 * Fixes a stack overflow due to looping TFLite subgraph
3360 * Fixes a division by zero in TFLite's implementation of `DepthToSpace`
3362 * Fixes a division by zero in TFLite's convolution code
3364 * Fixes a division by zero in TFLite's implementation of `EmbeddingLookup`
3366 * Fixes a division by zero in TFLite's implementation of `BatchToSpaceNd`
3368 * Fixes a division by zero in TFLite's implementation of `SpaceToBatchNd`
3370 * Fixes a division by zero in TFLite's implementation of `SVDF`
3372 * Fixes a division by zero in TFLite's implementation of `Split`
3374 * Fixes a division by zero in TFLite's implementation of `OneHot`
3376 * Fixes a division by zero in TFLite's implementation of `DepthwiseConv`
3378 * Fixes a division by zero in TFLite's implementation of hashtable lookup
3380 * Fixes a integer overflow in TFLite concatentation
3382 * Fixes a integer overflow in TFLite memory allocation
3384 * Fixes a heap OOB write in TFLite
3386 * Fixes a heap OOB read in TFLite
3388 * Fixes a heap OOB and null pointer dereference in `RaggedTensorToTensor`
3390 * Fixes vulnerabilities caused by incomplete validation in `SparseAdd`
3392 * Fixes vulnerabilities caused by incomplete validation in
3395 * Fixes vulnerabilities caused by incomplete validation in `SparseReshape`
3397 * Fixes vulnerabilities caused by invalid validation in
3400 * Fixes a heap buffer overflow in `BandedTriangularSolve`
3402 * Fixes vulnerabilities caused by incomplete validation in
3405 * Fixes an interpreter crash from vulnerabilities in `tf.io.decode_raw`
3407 * Fixes a stack overflow in `ParseAttrValue` with nested tensors
3409 * Fixes a null dereference in Grappler's `TrySimplify`
3411 * Fixes a crash in `tf.transpose` with complex inputs
3413 * Fixes a crash in `tf.strings.substr` due to `CHECK`-fail
3415 * Fixes a segfault in `tf.raw_ops.SparseCountSparseOutput`
3417 * Fixes a segfault in `tf.raw_ops.ImmutableConst`
3430 This release introduces several vulnerability fixes:
3432 * Fixes a heap buffer overflow in `RaggedBinCount`
3434 * Fixes a heap out of bounds write in `RaggedBinCount`
3436 * Fixes a type confusion during tensor casts which leads to dereferencing null
3439 * Fixes a reference binding to null pointer in `MatrixDiag*` ops
3441 * Fixes a null pointer dereference via invalid Ragged Tensors
3443 * Fixes a division by zero in `Conv3D`
3445 * Fixes vulnerabilities where session operations in eager mode lead to null
3448 * Fixes a `CHECK`-fail in `SparseCross` caused by type confusion
3450 * Fixes a segfault in `SparseCountSparseOutput`
3452 * Fixes a heap buffer overflow in `Conv3DBackprop*`
3454 * Fixes a division by 0 in `Conv3DBackprop*`
3456 * Fixes a `CHECK`-fail in `AddManySparseToTensorsMap`
3458 * Fixes a division by 0 in `Conv2DBackpropFilter`
3460 * Fixes a division by 0 in `Conv2DBackpropInput`
3462 * Fixes a division by 0 in `Conv2D`
3464 * Fixes a division by 0 in `QuantizedConv2D`
3466 * Fixes a division by 0 in `QuantizedMul`
3468 * Fixes vulnerabilities caused by invalid validation in
3471 * Fixes a heap buffer overflow caused by rounding
3473 * Fixes a `CHECK`-fail in `tf.raw_ops.EncodePng`
3475 * Fixes a heap out of bounds read in `RaggedCross`
3477 * Fixes a `CHECK`-fail in `DrawBoundingBoxes`
3479 * Fixes a heap buffer overflow in `QuantizedMul`
3481 * Fixes a `CHECK`-fail in `SparseConcat`
3483 * Fixes a heap buffer overflow in `QuantizedResizeBilinear`
3485 * Fixes a heap buffer overflow in `QuantizedReshape`
3487 * Fixes a division by zero in `Conv2DBackpropFilter`
3489 * Fixes a heap buffer overflow in `Conv2DBackpropFilter`
3491 * Fixes a heap buffer overflow in `StringNGrams`
3493 * Fixes a null pointer dereference in `StringNGrams`
3495 * Fixes a `CHECK`-fail in `QuantizeAndDequantizeV4Grad`
3497 * Fixes a `CHECK`-fail in `CTCGreedyDecoder`
3499 * Fixes a heap buffer overflow in `SparseTensorToCSRSparseMatrix`
3501 * Fixes a division by 0 in `QuantizedBiasAdd`
3503 * Fixes a heap out of bounds in `QuantizedBatchNormWithGlobalNormalization`
3505 * Fixes a division by 0 in `QuantizedBatchNormWithGlobalNormalization`
3507 * Fixes a division by 0 in `QuantizedAdd`
3509 * Fixes a division by 0 in `FractionalAvgPool`
3511 * Fixes an OOB read in `MatrixTriangularSolve`
3513 * Fixes a heap OOB in `QuantizeAndDequantizeV3`
3515 * Fixes a `CHECK`-failure in `UnsortedSegmentJoin`
3517 * Fixes a division by 0 in `DenseCountSparseOutput`
3519 * Fixes a division by 0 in `FusedBatchNorm`
3521 * Fixes a division by 0 in `SparseMatMul`
3523 * Fixes a division by 0 in `Reverse`
3525 * Fixes a heap buffer overflow in `SparseSplit`
3527 * Fixes a heap OOB access in unicode ops
3529 * Fixes a heap buffer overflow in `RaggedTensorToTensor`
3531 * Fixes a `CHECK`-fail in `LoadAndRemapMatrix`
3533 * Fixes a `CHECK`-fail in `tf.raw_ops.IRFFT`
3535 * Fixes a `CHECK`-fail in `tf.raw_ops.RFFT`
3537 * Fixes a null pointer dereference in `EditDistance`
3539 * Fixes a null pointer dereference in `SparseFillEmptyRows`
3541 * Fixes a heap OOB access in `Dilation2DBackpropInput`
3543 * Fixes a reference binding to null in `ParameterizedTruncatedNormal`
3545 * Fixes a set of vulnerabilities caused by lack of validation in
3548 * Fixes a heap out of bounds read in `MaxPoolGradWithArgmax`
3550 * Fixes a heap out of bounds read in `RequantizationRange`
3552 * Fixes a memory corruption in `DrawBoundingBoxesV2`
3554 * Fixes a reference binding to nullptr in `SdcaOptimizer`
3556 * Fixes an overflow and a denial of service in `tf.raw_ops.ReverseSequence`
3558 * Fixes a division by 0 in `MaxPoolGradWithArgmax`
3560 * Fixes an undefined behavior in `MaxPool3DGradGrad`
3562 * Fixes a heap buffer overflow in `MaxPool3DGradGrad`
3564 * Fixes a heap buffer overflow in `AvgPool3DGrad`
3566 * Fixes an undefined behavior and a `CHECK`-fail in `FractionalMaxPoolGrad`
3568 * Fixes a heap buffer overflow in `FractionalAvgPoolGrad`
3570 * Fixes a heap buffer overflow in `MaxPoolGrad`
3572 * Fixes a segfault in `CTCBeamSearchDecoder`
3574 * Fixes a heap OOB read in `tf.raw_ops.Dequantize`
3576 * Fixes a `CHECK`-fail due to integer overflow
3578 * Fixes a heap buffer overflow and undefined behavior in `FusedBatchNorm`
3580 * Fixes a division by zero in padding computation in TFLite
3582 * Fixes a division by zero in optimized pooling implementations in TFLite
3584 * Fixes a division by zero in TFLite's implementation of `SpaceToDepth`
3586 * Fixes a division by zero in TFLite's implementation of `GatherNd`
3588 * Fixes a division by zero in TFLite's implementation of `TransposeConv`
3590 * Fixes a heap OOB read in TFLite's implementation of `Minimum` or `Maximum`
3592 * Fixes a null pointer dereference in TFLite's `Reshape` operator
3594 * Fixes a stack overflow due to looping TFLite subgraph
3596 * Fixes a division by zero in TFLite's implementation of `DepthToSpace`
3598 * Fixes a division by zero in TFLite's convolution code
3600 * Fixes a division by zero in TFLite's implementation of `EmbeddingLookup`
3602 * Fixes a division by zero in TFLite's implementation of `BatchToSpaceNd`
3604 * Fixes a division by zero in TFLite's implementation of `SpaceToBatchNd`
3606 * Fixes a division by zero in TFLite's implementation of `SVDF`
3608 * Fixes a division by zero in TFLite's implementation of `Split`
3610 * Fixes a division by zero in TFLite's implementation of `OneHot`
3612 * Fixes a division by zero in TFLite's implementation of `DepthwiseConv`
3614 * Fixes a division by zero in TFLite's implementation of hashtable lookup
3616 * Fixes a integer overflow in TFLite concatentation
3618 * Fixes a integer overflow in TFLite memory allocation
3620 * Fixes a heap OOB write in TFLite
3622 * Fixes a heap OOB read in TFLite
3624 * Fixes a heap OOB and null pointer dereference in `RaggedTensorToTensor`
3626 * Fixes vulnerabilities caused by incomplete validation in `SparseAdd`
3628 * Fixes vulnerabilities caused by incomplete validation in
3631 * Fixes vulnerabilities caused by incomplete validation in `SparseReshape`
3633 * Fixes vulnerabilities caused by invalid validation in
3636 * Fixes a heap buffer overflow in `BandedTriangularSolve`
3638 * Fixes vulnerabilities caused by incomplete validation in
3641 * Fixes an interpreter crash from vulnerabilities in `tf.io.decode_raw`
3643 * Fixes a stack overflow in `ParseAttrValue` with nested tensors
3645 * Fixes a null dereference in Grappler's `TrySimplify`
3647 * Fixes a crash in `tf.transpose` with complex inputs
3649 * Fixes a crash in `tf.strings.substr` due to `CHECK`-fail
3651 * Fixes a segfault in `tf.raw_ops.SparseCountSparseOutput`
3653 * Fixes a segfault in `tf.raw_ops.ImmutableConst`
3693 * The new backend removes the redundant rescales and fixes some bugs
3742 ## Bug Fixes and Other Changes
3820 * Additional tests and fixes for ADD and SUB operators.
3949 * Fixes a heap buffer overflow in `RaggedBinCount`
3951 * Fixes a heap out of bounds write in `RaggedBinCount`
3953 * Fixes a type confusion during tensor casts which leads to dereferencing
3956 * Fixes a reference binding to null pointer in `MatrixDiag*` ops
3958 * Fixes a null pointer dereference via invalid Ragged Tensors
3960 * Fixes a division by zero in `Conv3D`
3962 * Fixes vulnerabilities where session operations in eager mode lead to
3965 * Fixes a `CHECK`-fail in `SparseCross` caused by type confusion
3967 * Fixes a segfault in `SparseCountSparseOutput`
3969 * Fixes a heap buffer overflow in `Conv3DBackprop*`
3971 * Fixes a division by 0 in `Conv3DBackprop*`
3973 * Fixes a `CHECK`-fail in `AddManySparseToTensorsMap`
3975 * Fixes a division by 0 in `Conv2DBackpropFilter`
3977 * Fixes a division by 0 in `Conv2DBackpropInput`
3979 * Fixes a division by 0 in `Conv2D`
3981 * Fixes a division by 0 in `QuantizedConv2D`
3983 * Fixes a division by 0 in `QuantizedMul`
3985 * Fixes vulnerabilities caused by invalid validation in
3988 * Fixes a heap buffer overflow caused by rounding
3990 * Fixes a `CHECK`-fail in `tf.raw_ops.EncodePng`
3992 * Fixes a heap out of bounds read in `RaggedCross`
3994 * Fixes a `CHECK`-fail in `DrawBoundingBoxes`
3996 * Fixes a heap buffer overflow in `QuantizedMul`
3998 * Fixes a `CHECK`-fail in `SparseConcat`
4000 * Fixes a heap buffer overflow in `QuantizedResizeBilinear`
4002 * Fixes a heap buffer overflow in `QuantizedReshape`
4004 * Fixes a division by zero in `Conv2DBackpropFilter`
4006 * Fixes a heap buffer overflow in `Conv2DBackpropFilter`
4008 * Fixes a heap buffer overflow in `StringNGrams`
4010 * Fixes a null pointer dereference in `StringNGrams`
4012 * Fixes a `CHECK`-fail in `QuantizeAndDequantizeV4Grad`
4014 * Fixes a `CHECK`-fail in `CTCGreedyDecoder`
4016 * Fixes a heap buffer overflow in `SparseTensorToCSRSparseMatrix`
4018 * Fixes a division by 0 in `QuantizedBiasAdd`
4020 * Fixes a heap out of bounds in
4023 * Fixes a division by 0 in `QuantizedBatchNormWithGlobalNormalization`
4025 * Fixes a division by 0 in `QuantizedAdd`
4027 * Fixes a division by 0 in `FractionalAvgPool`
4029 * Fixes an OOB read in `MatrixTriangularSolve`
4031 * Fixes a heap OOB in `QuantizeAndDequantizeV3`
4033 * Fixes a `CHECK`-failure in `UnsortedSegmentJoin`
4035 * Fixes a division by 0 in `DenseCountSparseOutput`
4037 * Fixes a division by 0 in `FusedBatchNorm`
4039 * Fixes a division by 0 in `SparseMatMul`
4041 * Fixes a division by 0 in `Reverse`
4043 * Fixes a heap buffer overflow in `SparseSplit`
4045 * Fixes a heap OOB access in unicode ops
4047 * Fixes a heap buffer overflow in `RaggedTensorToTensor`
4049 * Fixes a `CHECK`-fail in `LoadAndRemapMatrix`
4051 * Fixes a `CHECK`-fail in `tf.raw_ops.IRFFT`
4053 * Fixes a `CHECK`-fail in `tf.raw_ops.RFFT`
4055 * Fixes a null pointer dereference in `EditDistance`
4057 * Fixes a null pointer dereference in `SparseFillEmptyRows`
4059 * Fixes a heap OOB access in `Dilation2DBackpropInput`
4061 * Fixes a reference binding to null in `ParameterizedTruncatedNormal`
4063 * Fixes a set of vulnerabilities caused by lack of validation in
4066 * Fixes a heap out of bounds read in `MaxPoolGradWithArgmax`
4068 * Fixes a heap out of bounds read in `RequantizationRange`
4070 * Fixes a memory corruption in `DrawBoundingBoxesV2`
4072 * Fixes a reference binding to nullptr in `SdcaOptimizer`
4074 * Fixes an overflow and a denial of service in
4077 * Fixes a division by 0 in `MaxPoolGradWithArgmax`
4079 * Fixes an undefined behavior in `MaxPool3DGradGrad`
4081 * Fixes a heap buffer overflow in `MaxPool3DGradGrad`
4083 * Fixes a heap buffer overflow in `AvgPool3DGrad`
4085 * Fixes an undefined behavior and a `CHECK`-fail in
4088 * Fixes a heap buffer overflow in `FractionalAvgPoolGrad`
4090 * Fixes a heap buffer overflow in `MaxPoolGrad`
4092 * Fixes a segfault in `CTCBeamSearchDecoder`
4094 * Fixes a heap OOB read in `tf.raw_ops.Dequantize`
4096 * Fixes a `CHECK`-fail due to integer overflow
4098 * Fixes a heap buffer overflow and undefined behavior in `FusedBatchNorm`
4100 * Fixes a division by zero in padding computation in TFLite
4102 * Fixes a division by zero in optimized pooling implementations in TFLite
4104 * Fixes a division by zero in TFLite's implementation of `SpaceToDepth`
4106 * Fixes a division by zero in TFLite's implementation of `GatherNd`
4108 * Fixes a division by zero in TFLite's implementation of `TransposeConv`
4110 * Fixes a heap OOB read in TFLite's implementation of `Minimum` or
4113 * Fixes a null pointer dereference in TFLite's `Reshape` operator
4115 * Fixes a stack overflow due to looping TFLite subgraph
4117 * Fixes a division by zero in TFLite's implementation of `DepthToSpace`
4119 * Fixes a division by zero in TFLite's convolution code
4121 * Fixes a division by zero in TFLite's implementation of `EmbeddingLookup`
4123 * Fixes a division by zero in TFLite's implementation of `BatchToSpaceNd`
4125 * Fixes a division by zero in TFLite's implementation of `SpaceToBatchNd`
4127 * Fixes a division by zero in TFLite's implementation of `SVDF`
4129 * Fixes a division by zero in TFLite's implementation of `Split`
4131 * Fixes a division by zero in TFLite's implementation of `OneHot`
4133 * Fixes a division by zero in TFLite's implementation of `DepthwiseConv`
4135 * Fixes a division by zero in TFLite's implementation of hashtable lookup
4137 * Fixes a integer overflow in TFLite concatentation
4139 * Fixes a integer overflow in TFLite memory allocation
4141 * Fixes a heap OOB write in TFLite
4143 * Fixes a heap OOB read in TFLite
4145 * Fixes a heap OOB and null pointer dereference in `RaggedTensorToTensor`
4147 * Fixes vulnerabilities caused by incomplete validation in `SparseAdd`
4149 * Fixes vulnerabilities caused by incomplete validation in
4152 * Fixes vulnerabilities caused by incomplete validation in `SparseReshape`
4154 * Fixes vulnerabilities caused by invalid validation in
4157 * Fixes a heap buffer overflow in `BandedTriangularSolve`
4159 * Fixes vulnerabilities caused by incomplete validation in
4162 * Fixes an interpreter crash from vulnerabilities in `tf.io.decode_raw`
4164 * Fixes a stack overflow in `ParseAttrValue` with nested tensors
4166 * Fixes a null dereference in Grappler's `TrySimplify`
4168 * Fixes a crash in `tf.transpose` with complex inputs
4170 * Fixes a crash in `tf.strings.substr` due to `CHECK`-fail
4172 * Fixes a segfault in `tf.raw_ops.SparseCountSparseOutput`
4174 * Fixes a segfault in `tf.raw_ops.ImmutableConst`
4250 ## Bug Fixes and Other Changes
4252 * Fixes an access to unitialized memory in Eigen code
4254 * Fixes a security vulnerability caused by lack of validation in
4257 * Fixes a vulnerability caused by attempting to write to immutable memory
4260 * Fixes a `CHECK`-fail in LSTM with zero-length input
4262 * Fixes a security vulnerability caused by accessing heap data outside of
4278 ## Bug Fixes and Other Changes
4280 * Fixes an access to unitialized memory in Eigen code
4282 * Fixes a security vulnerability caused by lack of validation in
4285 * Fixes a vulnerability caused by attempting to write to immutable memory
4288 * Fixes a `CHECK`-fail in LSTM with zero-length input
4290 * Fixes a security vulnerability caused by accessing heap data outside of
4306 ## Bug Fixes and Other Changes
4308 * Fixes an access to unitialized memory in Eigen code
4310 * Fixes a security vulnerability caused by lack of validation in
4313 * Fixes a vulnerability caused by attempting to write to immutable memory
4316 * Fixes a `CHECK`-fail in LSTM with zero-length input
4318 * Fixes a security vulnerability caused by accessing heap data outside of
4336 ## Bug Fixes and Other Changes
4338 * Fixes an access to unitialized memory in Eigen code
4340 * Fixes a security vulnerability caused by lack of validation in
4343 * Fixes a vulnerability caused by attempting to write to immutable memory
4346 * Fixes a `CHECK`-fail in LSTM with zero-length input
4348 * Fixes a security vulnerability caused by accessing heap data outside of
4365 ## Bug Fixes and Other Changes
4367 * Fixes an access to unitialized memory in Eigen code
4369 * Fixes a security vulnerability caused by lack of validation in
4372 * Fixes a vulnerability caused by attempting to write to immutable memory
4375 * Fixes a `CHECK`-fail in LSTM with zero-length input
4377 * Fixes a security vulnerability caused by accessing heap data outside of
4403 major improvements involve handling peer failure and many bug fixes. Please
4607 ## Bug Fixes and Other Changes
4646 * `tf.debugging.assert_shapes()` now works on `SparseTensor`s (Fixes
4734 major improvements involve handling peer failure and many bug fixes. Please
4740 * Fixes various issues with saving a distributed model.
4850 * Fixes an undefined behavior causing a segfault in `tf.raw_ops.Switch`,
4852 * Fixes three vulnerabilities in conversion to DLPack format
4856 * Fixes two vulnerabilities in `SparseFillEmptyRowsGrad`
4859 * Fixes several vulnerabilities in `RaggedCountSparseOutput` and
4867 * Fixes an integer truncation vulnerability in code using the work sharder
4870 * Fixes a format string vulnerability in `tf.strings.as_string`,
4872 * Fixes segfault raised by calling session-only ops in eager mode,
4874 * Fixes data leak and potential ASLR violation from `tf.raw_ops.StringNGrams`,
4876 * Fixes segfaults caused by incomplete `SavedModel` validation,
4878 * Fixes a data corruption due to a bug in negative indexing support in TFLite,
4880 * Fixes a data corruption due to dimension mismatch in TFLite,
4882 * Fixes several vulnerabilities in TFLite saved model format
4886 * Fixes several vulnerabilities in TFLite implementation of segment sum
4890 * Fixes a segfault in `tf.quantization.quantize_and_dequantize`,
4892 * Fixes an undefined behavior float cast causing a crash,
4894 * Fixes a lack of validation in `tf.raw_ops.DataFormatVecPermute` and
4898 * Fixes a crash caused by writing to read only memory region
4900 * Fixes a heap out of bounds access in filesystem globbing implementation
4961 ## Bug Fixes and Other Changes
4963 * Fixes an undefined behavior causing a segfault in `tf.raw_ops.Switch`
4965 * Fixes three vulnerabilities in conversion to DLPack format
4969 * Fixes two vulnerabilities in `SparseFillEmptyRowsGrad`
4972 * Fixes several vulnerabilities in `RaggedCountSparseOutput` and
4980 * Fixes an integer truncation vulnerability in code using the work sharder API
4982 * Fixes a format string vulnerability in `tf.strings.as_string`
4984 * Fixes segfault raised by calling session-only ops in eager mode
4986 * Fixes data leak and potential ASLR violation from `tf.raw_ops.StringNGrams`
4988 * Fixes segfaults caused by incomplete `SavedModel` validation
4990 * Fixes a data corruption due to a bug in negative indexing support in TFLite
4992 * Fixes a data corruption due to dimension mismatch in TFLite
4994 * Fixes several vulnerabilities in TFLite saved model format
4998 * Fixes several vulnerabilities in TFLite implementation of segment sum
5004 * Fixes deprecated usage of `collections` API
5010 ## Bug Fixes and Other Changes
5012 * Fixes an undefined behavior causing a segfault in `tf.raw_ops.Switch`
5014 * Fixes three vulnerabilities in conversion to DLPack format
5018 * Fixes two vulnerabilities in `SparseFillEmptyRowsGrad`
5021 * Fixes an integer truncation vulnerability in code using the work sharder API
5023 * Fixes a format string vulnerability in `tf.strings.as_string`
5025 * Fixes segfault raised by calling session-only ops in eager mode
5027 * Fixes data leak and potential ASLR violation from `tf.raw_ops.StringNGrams`
5029 * Fixes segfaults caused by incomplete `SavedModel` validation
5031 * Fixes a data corruption due to a bug in negative indexing support in TFLite
5033 * Fixes a data corruption due to dimension mismatch in TFLite
5035 * Fixes several vulnerabilities in TFLite saved model format
5039 * Fixes several vulnerabilities in TFLite implementation of segment sum
5054 * Fixes deprecated usage of `collections` API
5060 ## Bug Fixes and Other Changes
5062 * Fixes an undefined behavior causing a segfault in `tf.raw_ops.Switch`
5064 * Fixes three vulnerabilities in conversion to DLPack format
5068 * Fixes two vulnerabilities in `SparseFillEmptyRowsGrad`
5071 * Fixes an integer truncation vulnerability in code using the work sharder API
5073 * Fixes a format string vulnerability in `tf.strings.as_string`
5075 * Fixes segfault raised by calling session-only ops in eager mode
5077 * Fixes data leak and potential ASLR violation from `tf.raw_ops.StringNGrams`
5079 * Fixes segfaults caused by incomplete `SavedModel` validation
5081 * Fixes a data corruption due to a bug in negative indexing support in TFLite
5083 * Fixes a data corruption due to dimension mismatch in TFLite
5085 * Fixes several vulnerabilities in TFLite saved model format
5106 ## Bug Fixes and Other Changes
5108 * Fixes an undefined behavior causing a segfault in `tf.raw_ops.Switch`
5110 * Fixes three vulnerabilities in conversion to DLPack format
5114 * Fixes two vulnerabilities in `SparseFillEmptyRowsGrad`
5117 * Fixes an integer truncation vulnerability in code using the work sharder API
5119 * Fixes a format string vulnerability in `tf.strings.as_string`
5121 * Fixes segfault raised by calling session-only ops in eager mode
5123 * Fixes data leak and potential ASLR violation from `tf.raw_ops.StringNGrams`
5125 * Fixes segfaults caused by incomplete `SavedModel` validation
5127 * Fixes a data corruption due to a bug in negative indexing support in TFLite
5129 * Fixes a data corruption due to dimension mismatch in TFLite
5131 * Fixes several vulnerabilities in TFLite saved model format
5151 ## Bug Fixes and Other Changes
5153 * Fixes an undefined behavior causing a segfault in `tf.raw_ops.Switch`
5155 * Fixes three vulnerabilities in conversion to DLPack format
5159 * Fixes two vulnerabilities in `SparseFillEmptyRowsGrad`
5162 * Fixes an integer truncation vulnerability in code using the work sharder API
5164 * Fixes a format string vulnerability in `tf.strings.as_string`
5166 * Fixes segfault raised by calling session-only ops in eager mode
5168 * Fixes data leak and potential ASLR violation from `tf.raw_ops.StringNGrams`
5170 * Fixes segfaults caused by incomplete `SavedModel` validation
5172 * Fixes a data corruption due to a bug in negative indexing support in TFLite
5174 * Fixes a data corruption due to dimension mismatch in TFLite
5176 * Fixes several vulnerabilities in TFLite saved model format
5191 * Fixes #41630 by including `max_seq_length` in CuDNN descriptor cache key
5286 ## Bug Fixes and Other Changes
5572 * Fixes apiclient import.
5629 ## Bug Fixes and Other Changes
5648 * Fixes a versioning bug which causes Keras layers from TF 1.x to be used
5653 ## Bug Fixes and Other Changes
5675 ## Bug Fixes and Other Changes
5812 ## Bug Fixes and Other Changes
6008 ## Bug Fixes and Other Changes
6010 * Fixes a security vulnerability where converting a Python string to a
6025 ## Bug Fixes and Other Changes
6027 * Fixes a security vulnerability where converting a Python string to a
6155 ## Bug Fixes and Other Changes
6158 * Fixes concurrency issue with `tf.data.experimental.parallel_interleave`
6360 ## Bug Fixes and Other Changes
6368 * Fixes critical bugs that help with `DenseFeatures` usability in TF2
6558 * Fixes autocomplete for most TensorFlow API references by switching to use
6693 ## Bug Fixes and Other Changes
7206 ## Bug Fixes and Other Changes
7425 ## Bug Fixes and Other Changes
7434 ## Bug Fixes and Other Changes
7436 * Fixes a potential security vulnerability where carefully crafted GIF images
7462 ## Bug Fixes and Other Changes
7685 ## Bug Fixes and Other Changes
7777 ## Bug Fixes and Other Changes
7888 ## Bug Fixes and Other Changes
7936 ## Bug Fixes and Other Changes
8103 ## Bug Fixes and Other Changes
8221 ## Bug Fixes and Other Changes
8238 tf.device(“/gpu:0”)`) (Fixes #14133)
8338 ## Bug Fixes and Other Changes
8441 ## Bug Fixes and Other Changes
8589 ## Bug Fixes and Other Changes
8609 * Bug Fixes:
8734 ## Bug Fixes and Other Changes
8797 ## Bug Fixes and Other Changes
8951 ## Bug Fixes and Other Changes
8953 * Fixes `strides` and `begin` dtype mismatch when slicing using int64 Tensor
8977 * Correctness fixes for fft_length parameter to `tf.spectral.rfft` &
9055 ## Bug Fixes and Other Changes
9163 ## Bug Fixes and Other Changes
9312 ## Bug Fixes and Other Changes
9352 * Multiple tfdbg bug fixes:
9356 * Java Maven fixes for bugs with Windows installation.
9357 * Backport fixes and improvements from external keras.
9397 ## Bug Fixes and Other Changes
9401 * Google Cloud Storage fixes.
9502 ## Bug Fixes and Other Changes
9654 ## Bug Fixes and Other Changes
9726 ## Bug Fixes and Other Changes
9793 ## Bug Fixes and Other Changes
9809 * Many documentation fixes
9849 ## Bug Fixes and Other Changes
9865 * Many documentation fixes
9866 * TensorBoard fixes: graphs with only one data point, Nan values, reload
9909 ## Bug Fixes and Other Changes
9927 * Added tutorials, many documentation fixes.
9958 ## Bug Fixes and Other Changes
9969 * Improvements and fixes to Docker image.
9984 ## Bug Fixes and Other Changes
9997 * Documentation fixes and improvements
10084 ## Bug Fixes
10086 * Lots of fixes to documentation and tutorials, many contributed by the