{"id":"PYSEC-2026-752","summary":"Out of bounds read in Tensorflow","details":"### Impact\nThe [TFG dialect of TensorFlow (MLIR)](https://github.com/tensorflow/tensorflow/tree/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/ir/importexport) makes several assumptions about the incoming `GraphDef` before converting it to the MLIR-based dialect.\n\nIf an attacker changes the `SavedModel` format on disk to invalidate these assumptions and the `GraphDef` is then converted to MLIR-based IR then they can cause a crash in the Python interpreter. Under certain scenarios, heap OOB read/writes are possible.\n    \nThese issues have been discovered via fuzzing and it is possible that more weaknesses exist. We will patch them as they are discovered.\n        \n### Patches\nWe have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected.\n      \n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.","aliases":["BIT-tensorflow-2022-23594","CVE-2022-23594","GHSA-9x52-887g-fhc2"],"modified":"2026-07-06T08:11:11.455058965Z","published":"2026-07-02T14:13:15.201868Z","references":[{"type":"WEB","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9x52-887g-fhc2"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23594"},{"type":"WEB","url":"https://github.com/tensorflow/tensorflow"},{"type":"WEB","url":"https://github.com/tensorflow/tensorflow/tree/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/ir/importexport"},{"type":"PACKAGE","url":"https://pypi.org/project/tensorflow-gpu"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-9x52-887g-fhc2"}],"affected":[{"package":{"name":"tensorflow-gpu","ecosystem":"PyPI","purl":"pkg:pypi/tensorflow-gpu"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.7.0"},{"fixed":"2.7.1"}]}],"versions":["2.7.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-gpu/PYSEC-2026-752.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}