How severe is CVE-2022-21741?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-21741?

This is classified as CWE-369, which is a common weakness in software security.

CVE-2022-21741 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

Tensorflow is an Open Source Machine Learning Framework. ### Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

Related Vulnerabilities

CVE-2014-8130

MEDIUM

CVSS:6.5(Medium)

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a craft...

CWE-3692014

CVE-2015-7513

MEDIUM

CVSS:6.5(Medium)

arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and hos...

CWE-3692015

CVE-2015-8504

MEDIUM

CVSS:6.5(Medium)

Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.

CWE-3692015

CVE-2016-10506

MEDIUM

CVSS:6.5(Medium)

Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (applica...

CWE-3692016

CVE-2016-3622

MEDIUM

CVSS:6.5(Medium)

The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image.

CWE-3692016

CVE-2016-7530

MEDIUM

CVSS:6.5(Medium)

The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file.

CWE-3692016