Integer Overflow Vulnerability in TFLite Model Embedding Lookup Operations

Integer Overflow Vulnerability in TFLite Model Embedding Lookup Operations

CVE-2022-23559 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write. Users are advised to upgrade to a patched version.

Learn more about our Cis Benchmark Audit For Apple Ios.