Oval Definition:	oval:org.opensuse.security:def:202223587
Revision Date: 2022-06-30 Version: 1 Title: CVE-2022-23587 Description: Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. Family: unix Class: vulnerability Status: Reference(s): Mitre CVE-2022-23587 SUSE CVE-2022-23587 Platform(s): openSUSE Tumbleweed Product(s): Definition Synopsis openSUSE Tumbleweed is installed AND Package Information tensorflow-lite-2.9.1-1.1 is installed OR tensorflow-lite-devel-2.9.1-1.1 is installed
BACK