{"id":"CVE-2018-21233","details":"TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc.","aliases":["GHSA-h98h-8mxr-m8gx","PYSEC-2020-253","PYSEC-2020-269","PYSEC-2020-304"],"modified":"2026-04-11T21:31:55.396412Z","published":"2020-05-04T15:15:13.480Z","references":[{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-001.md"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/49f73c55d56edffebde4bca4a407ad69c1cae433"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tensorflow/tensorflow","events":[{"introduced":"0"},{"fixed":"024aecf414941e11eb643e29ceed3e1c47a115ad"},{"fixed":"49f73c55d56edffebde4bca4a407ad69c1cae433"}],"database_specific":{"cpe":"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*","source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"1.7.0"}]}}],"versions":["0.5.0","0.6.0","v1.1.0-rc1","v1.1.0-rc2","v1.6.0-rc1","v1.7.0-rc0","v1.7.0-rc1"],"database_specific":{"vanir_signatures_modified":"2026-04-11T21:31:55Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-21233.json","vanir_signatures":[{"target":{"file":"tensorflow/core/kernels/decode_bmp_op.cc"},"source":"https://github.com/tensorflow/tensorflow/commit/49f73c55d56edffebde4bca4a407ad69c1cae433","id":"CVE-2018-21233-433640f9","digest":{"threshold":0.9,"line_hashes":["97877044402045081881509710771901653203","28952653648696910750346870597114823589","218760019552116986615914679197005461300","200286665333461273461120917545071681885","166994877315827101245699627430856038715","264319968896000964012779744868199012490","173512682855094858768514141893570360691","179551789739096835292128239127761555572","215505579386537496475241843782563655004","262251609899695293797889081034804724234","173228101149786076274078057649512127389","130884279417664182971573354004537577067","84656358142605405641352490688556126244","40054913366930676493112924903656686868"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}