{"id":"CVE-2021-29595","details":"TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `DepthToSpace` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7/tensorflow/lite/kernels/depth_to_space.cc#L63-L69). An attacker can craft a model such that `params-\u003eblock_size` is 0. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.","aliases":["BIT-tensorflow-2021-29595","GHSA-vf94-36g5-69v8","PYSEC-2021-232","PYSEC-2021-523","PYSEC-2021-721"],"modified":"2026-03-13T22:16:01.284132Z","published":"2021-05-14T20:15:15.207Z","related":["GHSA-vf94-36g5-69v8"],"references":[{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/106d8f4fb89335a2c52d7c895b7a7485465ca8d9"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vf94-36g5-69v8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tensorflow/tensorflow","events":[{"introduced":"0"},{"fixed":"0931ea3d985bb9c8fdd054a5e29c4129623c849b"},{"introduced":"2b96f3662bd776e277f86997659e61046b56c315"},{"fixed":"cfe0c80169ae984bcdc99ff6de7444164aaa8e07"},{"introduced":"b36436b087bd8e8701ef51718179037cccdfc26e"},{"fixed":"3929ffacfbef7c431e8397920d040aaf47acff19"},{"introduced":"582c8d236cb079023657287c318ff26adb239002"},{"fixed":"1923123d32ea41d92b70a27a3f6ecf0763b56f6c"},{"fixed":"106d8f4fb89335a2c52d7c895b7a7485465ca8d9"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.1.4"},{"introduced":"2.2.0"},{"fixed":"2.2.3"},{"introduced":"2.3.0"},{"fixed":"2.3.3"},{"introduced":"2.4.0"},{"fixed":"2.4.2"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29595.json","vanir_signatures":[{"id":"CVE-2021-29595-00ab0190","deprecated":false,"signature_type":"Function","target":{"file":"tensorflow/lite/kernels/depth_to_space.cc","function":"Prepare"},"signature_version":"v1","source":"https://github.com/tensorflow/tensorflow/commit/106d8f4fb89335a2c52d7c895b7a7485465ca8d9","digest":{"function_hash":"194578451177904327203901424392301025277","length":1231}},{"id":"CVE-2021-29595-05dabfa2","deprecated":false,"signature_type":"Line","target":{"file":"tensorflow/lite/kernels/depth_to_space_test.cc"},"signature_version":"v1","source":"https://github.com/tensorflow/tensorflow/commit/106d8f4fb89335a2c52d7c895b7a7485465ca8d9","digest":{"line_hashes":["42775813578012526104495553326850959413","81277890545641336432130271286076822412","108175115334146511382062838843792009128","132316574750375324878129284746562130941"],"threshold":0.9}},{"id":"CVE-2021-29595-1d4d5d44","deprecated":false,"signature_type":"Function","target":{"file":"tensorflow/lite/micro/kernels/depth_to_space.cc","function":"CalculateOpData"},"signature_version":"v1","source":"https://github.com/tensorflow/tensorflow/commit/106d8f4fb89335a2c52d7c895b7a7485465ca8d9","digest":{"function_hash":"301538960950849021820420887459912007271","length":1383}},{"id":"CVE-2021-29595-96920fcc","deprecated":false,"signature_type":"Line","target":{"file":"tensorflow/lite/kernels/depth_to_space.cc"},"signature_version":"v1","source":"https://github.com/tensorflow/tensorflow/commit/106d8f4fb89335a2c52d7c895b7a7485465ca8d9","digest":{"line_hashes":["280244985891327533621452415983010945329","210684860855235161399928168550333501251","220239638636039867167793339120456197528","31353712988546551022293633415189149200"],"threshold":0.9}},{"id":"CVE-2021-29595-dab8fc78","deprecated":false,"signature_type":"Line","target":{"file":"tensorflow/lite/micro/kernels/depth_to_space.cc"},"signature_version":"v1","source":"https://github.com/tensorflow/tensorflow/commit/106d8f4fb89335a2c52d7c895b7a7485465ca8d9","digest":{"line_hashes":["253152061951772719446687539775081213378","339650318467900665491609859073298783004","3403323116876739053804579626699354398","229527051031488281638294414271267640458"],"threshold":0.9}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}