What do Tensor Flow, Caffe and Torch have in common? Open CVEs
Dabblers with prominent artificial intelligence tools have been warned and/or reminded to check their dependencies because some have open vulnerabilities. That warning came from Qixue Xiao and Deyue Zhang (from Quihoo's 360 Security Research Lab), Kang Li (University of Georgia) and Weilin Xu (University of Virginia), who together wrote that "deep learning frameworks are complex and contain heavy dependencies on numerous open source packages" The three reached that conclusion after combing through the third-party packages used by the TensorFlow, Caffe, and Torch deep learning frameworks, and looking for any open bugs in those packages. They found quite a few and wrote that the frameworks are susceptible to denial-of-service, evasion attacks, or system compromise. Noting that this work stands as a preliminary study (The Register expects this means there's more to come), they still found a total of 15 vulnerabilities in the three frameworks. The largest number of bugs were found in the Open Source Computer Vision (opencv) code base: eleven CVEs in all, exploitable across all three attack classes.
Nov-30-2017, 08:21:21 GMT
- Country:
- North America > United States > Virginia (0.27)
- Industry:
- Information Technology > Security & Privacy (0.59)
- Technology: