{"id":"PYSEC-2026-549","summary":"TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation","details":"### Impact\nAttackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or RCE.\nWhen axis is larger than the dim of input, c-\u003eDim(input,axis) goes out of bound.\nSame problem occurs in the QuantizeAndDequantizeV2/V3/V4/V4Grad operations too.\n```python\nimport tensorflow as tf\n@tf.function\ndef test():\n    tf.raw_ops.QuantizeAndDequantizeV2(input=[2.5],\n    \t\t\t\t\t\t\t\t   input_min=[1.0],\n    \t\t\t\t\t\t\t\t   input_max=[10.0],\n    \t\t\t\t\t\t\t\t   signed_input=True,\n    \t\t\t\t\t\t\t\t   num_bits=1,\n    \t\t\t\t\t\t\t\t   range_given=True,\n    \t\t\t\t\t\t\t\t   round_mode='HALF_TO_EVEN',\n    \t\t\t\t\t\t\t\t   narrow_range=True,\n    \t\t\t\t\t\t\t\t   axis=0x7fffffff)\n test()\n```\n\n\n\n### Patches\nWe have patched the issue in GitHub commit [7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb](https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb).\n \nThe fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n","aliases":["BIT-tensorflow-2023-25668","CVE-2023-25668","GHSA-gw97-ff7c-9v96","PYSEC-2026-548","PYSEC-2026-550"],"modified":"2026-07-01T20:23:07.029309Z","published":"2026-06-29T11:50:42.369767Z","references":[{"type":"WEB","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25668"},{"type":"WEB","url":"https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb"},{"type":"PACKAGE","url":"https://github.com/tensorflow/tensorflow"},{"type":"PACKAGE","url":"https://pypi.org/project/tensorflow-cpu"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-gw97-ff7c-9v96"}],"affected":[{"package":{"name":"tensorflow-cpu","ecosystem":"PyPI","purl":"pkg:pypi/tensorflow-cpu"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.11.1"}]}],"versions":["1.15.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.10.0","2.10.0rc0","2.10.0rc1","2.10.0rc2","2.10.0rc3","2.10.1","2.11.0","2.11.0rc0","2.11.0rc1","2.11.0rc2","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.5.0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.5","2.7.0","2.7.1","2.7.2","2.7.3","2.7.4","2.8.0","2.8.1","2.8.2","2.8.3","2.8.4","2.9.0","2.9.0rc0","2.9.0rc1","2.9.0rc2","2.9.1","2.9.2","2.9.3"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-cpu/PYSEC-2026-549.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}