{"id":"PYSEC-2020-269","details":"TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc.","aliases":["CVE-2018-21233","GHSA-h98h-8mxr-m8gx","PYSEC-2020-253","PYSEC-2020-304"],"modified":"2023-11-08T04:00:14.358694Z","published":"2020-05-04T15:15:00Z","references":[{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/49f73c55d56edffebde4bca4a407ad69c1cae433"},{"type":"ADVISORY","url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-001.md"}],"affected":[{"package":{"name":"tensorflow-cpu","ecosystem":"PyPI","purl":"pkg:pypi/tensorflow-cpu"},"ranges":[{"type":"GIT","repo":"https://github.com/tensorflow/tensorflow","events":[{"introduced":"0"},{"fixed":"49f73c55d56edffebde4bca4a407ad69c1cae433"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.0"}]}],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-cpu/PYSEC-2020-269.yaml"}}],"schema_version":"1.7.3"}