
TensorFlow 2.5.1 Now Available
TensorFlow is an end-to-end open source platform for machine learning. It has a comprehensive, flexible ecosystem of tools, libraries, and community resources that lets researchers push the state-of-the-art in ML and developers easily build and deploy ML-powered applications.
The newest version of TensorFlow brings a number of major features, improvements, bug fixes and other changes.
Interested in a deep learning solution?
Learn more about Exxact AI workstations starting at $3,700
Major Features and Improvements
This release introduces several vulnerability fixes:
- Fixes a heap out of bounds access in sparse reduction operations (CVE-2021-37635)
- Fixes a floating point exception in
SparseDenseCwiseDiv
(CVE-2021-37636) - Fixes a null pointer dereference in
CompressElement
(CVE-2021-37637) - Fixes a null pointer dereference in
RaggedTensorToTensor
(CVE-2021-37638) - Fixes a null pointer dereference and a heap OOB read arising from operations restoring tensors (CVE-2021-37639)
- Fixes an integer division by 0 in sparse reshaping (CVE-2021-37640)
- Fixes a division by 0 in
ResourceScatterDiv
(CVE-2021-37642) - Fixes a heap OOB in
RaggedGather
(CVE-2021-37641) - Fixes a
std::abort
raised fromTensorListReserve
(CVE-2021-37644) - Fixes a null pointer dereference in
MatrixDiagPartOp
(CVE-2021-37643) - Fixes an integer overflow due to conversion to unsigned (CVE-2021-37645)
- Fixes a bad allocation error in
StringNGrams
caused by integer conversion (CVE-2021-37646) - Fixes a null pointer dereference in
SparseTensorSliceDataset
(CVE-2021-37647) - Fixes an incorrect validation of
SaveV2
inputs (CVE-2021-37648) - Fixes a null pointer dereference in
UncompressElement
(CVE-2021-37649) - Fixes a segfault and a heap buffer overflow in
{Experimental,}DatasetToTFRecord
(CVE-2021-37650) - Fixes a heap buffer overflow in
FractionalAvgPoolGrad
(CVE-2021-37651) - Fixes a use after free in boosted trees creation (CVE-2021-37652)
- Fixes a division by 0 in
ResourceGather
(CVE-2021-37653) - Fixes a heap OOB and a
CHECK
fail inResourceGather
(CVE-2021-37654) - Fixes a heap OOB in
ResourceScatterUpdate
(CVE-2021-37655) - Fixes an undefined behavior arising from reference binding to nullptr in
RaggedTensorToSparse
(CVE-2021-37656) - Fixes an undefined behavior arising from reference binding to nullptr in
MatrixDiagV*
ops (CVE-2021-37657) - Fixes an undefined behavior arising from reference binding to nullptr in
MatrixSetDiagV*
ops (CVE-2021-37658) - Fixes an undefined behavior arising from reference binding to nullptr and heap OOB in binary cwise ops (CVE-2021-37659)
- Fixes a division by 0 in inplace operations (CVE-2021-37660)
- Fixes a crash caused by integer conversion to unsigned (CVE-2021-37661)
- Fixes an undefined behavior arising from reference binding to nullptr in boosted trees (CVE-2021-37662)
- Fixes a heap OOB in boosted trees (CVE-2021-37664)
- Fixes vulnerabilities arising from incomplete validation in
QuantizeV2
(CVE-2021-37663) - Fixes vulnerabilities arising from incomplete validation in MKL requantization (CVE-2021-37665)
- Fixes an undefined behavior arising from reference binding to nullptr in
RaggedTensorToVariant
(CVE-2021-37666) - Fixes an undefined behavior arising from reference binding to nullptr in unicode encoding (CVE-2021-37667)
- Fixes an FPE in
tf.raw_ops.UnravelIndex
(CVE-2021-37668) - Fixes a crash in NMS ops caused by integer conversion to unsigned (CVE-2021-37669)
- Fixes a heap OOB in
UpperBound
andLowerBound
(CVE-2021-37670) - Fixes an undefined behavior arising from reference binding to nullptr in map operations (CVE-2021-37671)
- Fixes a heap OOB in
SdcaOptimizerV2
(CVE-2021-37672) - Fixes a
CHECK
-fail inMapStage
(CVE-2021-37673) - Fixes a vulnerability arising from incomplete validation in
MaxPoolGrad
(CVE-2021-37674) - Fixes an undefined behavior arising from reference binding to nullptr in shape inference (CVE-2021-37676)
- Fixes a division by 0 in most convolution operators (CVE-2021-37675)
- Fixes vulnerabilities arising from missing validation in shape inference for
Dequantize
(CVE-2021-37677) - Fixes an arbitrary code execution due to YAML deserialization (CVE-2021-37678)
- Fixes a heap OOB in nested
tf.map_fn
withRaggedTensor
s (CVE-2021-37679) - Fixes a division by zero in TFLite (CVE-2021-37680)
- Fixes an NPE in TFLite (CVE-2021-37681)
- Fixes a vulnerability arising from use of unitialized value in TFLite (CVE-2021-37682)
- Fixes an FPE in TFLite division operations (CVE-2021-37683)
- Fixes an FPE in TFLite pooling operations (CVE-2021-37684)
- Fixes an infinite loop in TFLite (CVE-2021-37686)
- Fixes a heap OOB in TFLite (CVE-2021-37685)
- Fixes a heap OOB in TFLite's
Gather*
implementations (CVE-2021-37687) - Fixes an undefined behavior arising from null pointer dereference in TFLite (CVE-2021-37688)
- Fixes an undefined behavior arising from null pointer dereference in TFLite MLIR optimizations (CVE-2021-37689)
- Fixes a FPE in LSH in TFLite (CVE-2021-37691)
- Fixes a segfault on strings tensors with mismatched dimensions, arising in Go code (CVE-2021-37692)
- Fixes a use after free and a potential segfault in shape inference functions (CVE-2021-37690)
- Updates
curl
to7.77.0
to handle CVE-2021-22876, CVE-2021-22897, CVE-2021-22898, and CVE-2021-22901.
Click here to install TensorFlow 2
Download TensorFlow 2.5.1 on the GitHub page:
https://github.com/tensorflow/tensorflow/releases/tag/v2.5.1

TensorFlow 2.5.1 Released
TensorFlow 2.5.1 Now Available
TensorFlow is an end-to-end open source platform for machine learning. It has a comprehensive, flexible ecosystem of tools, libraries, and community resources that lets researchers push the state-of-the-art in ML and developers easily build and deploy ML-powered applications.
The newest version of TensorFlow brings a number of major features, improvements, bug fixes and other changes.
Interested in a deep learning solution?
Learn more about Exxact AI workstations starting at $3,700
Major Features and Improvements
This release introduces several vulnerability fixes:
- Fixes a heap out of bounds access in sparse reduction operations (CVE-2021-37635)
- Fixes a floating point exception in
SparseDenseCwiseDiv
(CVE-2021-37636) - Fixes a null pointer dereference in
CompressElement
(CVE-2021-37637) - Fixes a null pointer dereference in
RaggedTensorToTensor
(CVE-2021-37638) - Fixes a null pointer dereference and a heap OOB read arising from operations restoring tensors (CVE-2021-37639)
- Fixes an integer division by 0 in sparse reshaping (CVE-2021-37640)
- Fixes a division by 0 in
ResourceScatterDiv
(CVE-2021-37642) - Fixes a heap OOB in
RaggedGather
(CVE-2021-37641) - Fixes a
std::abort
raised fromTensorListReserve
(CVE-2021-37644) - Fixes a null pointer dereference in
MatrixDiagPartOp
(CVE-2021-37643) - Fixes an integer overflow due to conversion to unsigned (CVE-2021-37645)
- Fixes a bad allocation error in
StringNGrams
caused by integer conversion (CVE-2021-37646) - Fixes a null pointer dereference in
SparseTensorSliceDataset
(CVE-2021-37647) - Fixes an incorrect validation of
SaveV2
inputs (CVE-2021-37648) - Fixes a null pointer dereference in
UncompressElement
(CVE-2021-37649) - Fixes a segfault and a heap buffer overflow in
{Experimental,}DatasetToTFRecord
(CVE-2021-37650) - Fixes a heap buffer overflow in
FractionalAvgPoolGrad
(CVE-2021-37651) - Fixes a use after free in boosted trees creation (CVE-2021-37652)
- Fixes a division by 0 in
ResourceGather
(CVE-2021-37653) - Fixes a heap OOB and a
CHECK
fail inResourceGather
(CVE-2021-37654) - Fixes a heap OOB in
ResourceScatterUpdate
(CVE-2021-37655) - Fixes an undefined behavior arising from reference binding to nullptr in
RaggedTensorToSparse
(CVE-2021-37656) - Fixes an undefined behavior arising from reference binding to nullptr in
MatrixDiagV*
ops (CVE-2021-37657) - Fixes an undefined behavior arising from reference binding to nullptr in
MatrixSetDiagV*
ops (CVE-2021-37658) - Fixes an undefined behavior arising from reference binding to nullptr and heap OOB in binary cwise ops (CVE-2021-37659)
- Fixes a division by 0 in inplace operations (CVE-2021-37660)
- Fixes a crash caused by integer conversion to unsigned (CVE-2021-37661)
- Fixes an undefined behavior arising from reference binding to nullptr in boosted trees (CVE-2021-37662)
- Fixes a heap OOB in boosted trees (CVE-2021-37664)
- Fixes vulnerabilities arising from incomplete validation in
QuantizeV2
(CVE-2021-37663) - Fixes vulnerabilities arising from incomplete validation in MKL requantization (CVE-2021-37665)
- Fixes an undefined behavior arising from reference binding to nullptr in
RaggedTensorToVariant
(CVE-2021-37666) - Fixes an undefined behavior arising from reference binding to nullptr in unicode encoding (CVE-2021-37667)
- Fixes an FPE in
tf.raw_ops.UnravelIndex
(CVE-2021-37668) - Fixes a crash in NMS ops caused by integer conversion to unsigned (CVE-2021-37669)
- Fixes a heap OOB in
UpperBound
andLowerBound
(CVE-2021-37670) - Fixes an undefined behavior arising from reference binding to nullptr in map operations (CVE-2021-37671)
- Fixes a heap OOB in
SdcaOptimizerV2
(CVE-2021-37672) - Fixes a
CHECK
-fail inMapStage
(CVE-2021-37673) - Fixes a vulnerability arising from incomplete validation in
MaxPoolGrad
(CVE-2021-37674) - Fixes an undefined behavior arising from reference binding to nullptr in shape inference (CVE-2021-37676)
- Fixes a division by 0 in most convolution operators (CVE-2021-37675)
- Fixes vulnerabilities arising from missing validation in shape inference for
Dequantize
(CVE-2021-37677) - Fixes an arbitrary code execution due to YAML deserialization (CVE-2021-37678)
- Fixes a heap OOB in nested
tf.map_fn
withRaggedTensor
s (CVE-2021-37679) - Fixes a division by zero in TFLite (CVE-2021-37680)
- Fixes an NPE in TFLite (CVE-2021-37681)
- Fixes a vulnerability arising from use of unitialized value in TFLite (CVE-2021-37682)
- Fixes an FPE in TFLite division operations (CVE-2021-37683)
- Fixes an FPE in TFLite pooling operations (CVE-2021-37684)
- Fixes an infinite loop in TFLite (CVE-2021-37686)
- Fixes a heap OOB in TFLite (CVE-2021-37685)
- Fixes a heap OOB in TFLite's
Gather*
implementations (CVE-2021-37687) - Fixes an undefined behavior arising from null pointer dereference in TFLite (CVE-2021-37688)
- Fixes an undefined behavior arising from null pointer dereference in TFLite MLIR optimizations (CVE-2021-37689)
- Fixes a FPE in LSH in TFLite (CVE-2021-37691)
- Fixes a segfault on strings tensors with mismatched dimensions, arising in Go code (CVE-2021-37692)
- Fixes a use after free and a potential segfault in shape inference functions (CVE-2021-37690)
- Updates
curl
to7.77.0
to handle CVE-2021-22876, CVE-2021-22897, CVE-2021-22898, and CVE-2021-22901.
Click here to install TensorFlow 2
Download TensorFlow 2.5.1 on the GitHub page:
https://github.com/tensorflow/tensorflow/releases/tag/v2.5.1