chore: import upstream snapshot with attribution
cffconvert / validate (push) Has been skipped
License Check / license-check (push) Failing after 2s

This commit is contained in:
wehub-resource-sync
2026-07-13 12:14:16 +08:00
commit 8a852e4b4e
36502 changed files with 9277225 additions and 0 deletions
@@ -0,0 +1,33 @@
## TFSA-2018-002: GIF File Parsing Null Pointer Dereference Error
### CVE Number
CVE-2018-7576
### Issue Description
When parsing certain invalid GIF files, an internal function in the GIF decoder
returned a null pointer, which was subsequently used as an argument to strcat.
### Impact
A maliciously crafted GIF could be used to cause the TensorFlow process to
crash.
### Vulnerable Versions
TensorFlow 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1 1.4.1, 1.5.0, 1.5.1
### Mitigation
We have patched the vulnerability in GitHub commit
[c4843158](https://github.com/tensorflow/tensorflow/commit/c48431588e7cf8aff61d4c299231e3e925144df8).
If users are running TensorFlow in production or on untrusted data, they are
encouraged to apply this patch.
Additionally, this patch has already been integrated into TensorFlow 1.6.0 and
newer.
### Credits
This issue was discovered by the Blade Team of Tencent.