TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc.
{ "nvd_published_at": null, "cwe_ids": [ "CWE-125" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2020-05-13T16:01:21Z" }