{"id":"PYSEC-2020-304","details":"TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc.","aliases":["CVE-2018-21233","GHSA-h98h-8mxr-m8gx","PYSEC-2020-253","PYSEC-2020-269"],"modified":"2023-11-08T04:00:14.358694Z","published":"2020-05-04T15:15:00Z","references":[{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/49f73c55d56edffebde4bca4a407ad69c1cae433"},{"type":"ADVISORY","url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-001.md"}],"affected":[{"package":{"name":"tensorflow-gpu","ecosystem":"PyPI","purl":"pkg:pypi/tensorflow-gpu"},"ranges":[{"type":"GIT","repo":"https://github.com/tensorflow/tensorflow","events":[{"introduced":"0"},{"fixed":"49f73c55d56edffebde4bca4a407ad69c1cae433"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.0"}]}],"versions":["0.12.0","0.12.1","1.0.0","1.0.1","1.1.0","1.2.0","1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.5.1","1.6.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-gpu/PYSEC-2020-304.yaml"}}],"schema_version":"1.7.3"}