Double Free
CVE-2023-25801
Summary
TensorFlow is an open-source machine learning platform. In tensorflow versions prior to 2.11.1, "nn_ops.fractional_avg_pool_v2" and "nn_ops.fractional_max_pool_v2" require the first and fourth elements of their parameter "pooling_ratio" to be equal to 1.0, as pooling on batch and channel dimensions is not supported.
- LOW
- LOCAL
- HIGH
- UNCHANGED
- NONE
- LOW
- HIGH
- HIGH
CWE-415 - Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
References
Advisory Timeline
- Published