TFLite (.tflite): Integer Overflow in Buffer offset+size Bounds Check → OOB Read
Vulnerability Class: CWE-190 Integer Overflow → CWE-125 Out-of-bounds Read
Affected: tensorflow/tensorflow (TFLite interpreter) @ HEAD
Status: ASAN-verified (3 variants: SEGV, heap-buffer-overflow READ)
Summary
Integer overflow in TFLite InterpreterBuilder at interpreter_builder.cc:671:
offset + buffer->size() wraps uint64_t, bypassing the bounds check. The resulting
pointer allocation_->base() + offset goes OOB. Same pattern at line 378 for
large_custom_options_offset + large_custom_options_size.
Key factor: InterpreterBuilder does NOT invoke the flatbuffer verifier by default.
Even the optional verifier does not validate Buffer.offset/Buffer.size fields.
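The bounds-check pattern described in the summary, next to two overflow-safe forms, as an added example (not code from TensorFlow or from the PoC harness). The function names, the 4096-byte allocation size and the sample offsets are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>

// Shape of the check described above: the sum is computed in uint64_t,
// so a very large offset wraps to a small value and the check passes.
bool range_ok_wrapping(uint64_t offset, uint64_t size, uint64_t total) {
  return offset + size <= total;
}

// Overflow-safe form: never add the two untrusted values. Check the offset
// first, then compare the size against the space that remains after it.
bool range_ok_checked(uint64_t offset, uint64_t size, uint64_t total) {
  return offset <= total && size <= total - offset;
}

// Equivalent form using the GCC/Clang checked-add builtin.
bool range_ok_builtin(uint64_t offset, uint64_t size, uint64_t total) {
  uint64_t end = 0;
  if (__builtin_add_overflow(offset, size, &end)) return false;
  return end <= total;
}

int main() {
  const uint64_t total = 4096;  // constructed: bytes in the mapped model file
  const struct { const char* name; uint64_t offset, size; } cases[] = {
      {"in range", 1024, 512},
      {"exact end", 4096, 0},
      {"past end", 4000, 200},
      {"sum wraps", UINT64_MAX - 15, 32},  // offset + size == 16 after wrap
  };
  for (const auto& c : cases) {
    std::printf("%-10s wrapping=%d checked=%d builtin=%d\n", c.name,
                range_ok_wrapping(c.offset, c.size, total),
                range_ok_checked(c.offset, c.size, total),
                range_ok_builtin(c.offset, c.size, total));
  }
  return 0;
}
```

Only the "sum wraps" row differs between the three functions: the wrapping check accepts it, the other two reject it.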
Files
poc/harness_tflite_offset.cpp: Self-contained ASAN harness (3 modes)
evidence/buffer_offset_segv.txt: ASAN log: OOB pointer access
evidence/large_custom_options_oob.txt: ASAN log: heap-buffer-overflow READ
evidence/buffer_offset_heap_oob.txt: ASAN log: heap-buffer-overflow variant
REPORT.md: Full vulnerability report
Reproduction
g++ -std=c++17 -fsanitize=address -g -O0 -o harness_tflite poc/harness_tflite_offset.cpp
./harness_tflite          # Buffer offset overflow → OOB
./harness_tflite custom   # large_custom_options overflow → heap OOB
./harness_tflite heap     # near-end offset → heap-buffer-overflow READ