## TFSA-2020-028: Float cast overflow undefined behavior

### CVE Number
CVE-2020-15266

### Impact
When the `boxes` argument of `tf.image.crop_and_resize` has a very large value,
the CPU kernel implementation receives it as a C++ `nan` floating point value.
Attempting to operate on this is undefined behavior which later produces a
segmentation fault.

### Patches

We have patched the issue in
[c0319231333f0f16e1cc75ec83660b01fedd4182](https://github.com/tensorflow/tensorflow/commit/c0319231333f0f16e1cc75ec83660b01fedd4182)
and will release TensorFlow 2.4.0 containing the patch. TensorFlow nightly
packages after this commit will also have the issue resolved.

### For more information
Please consult [our security
guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for
more information regarding the security model and how to contact us with issues
and questions.

### Attribution
This vulnerability has been reported in
[#42129](https://github.com/tensorflow/issues/42129).
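The class of bug described under Impact, shown as an added C++ example (not TensorFlow's code or the patch itself): a plain range check lets `nan` through because every comparison with `nan` is false, while a finiteness check before the float-to-int conversion does not. The helper names `NaiveInRange` and `SafePixelIndex` and the image size 224 are assumptions made for illustration.

```cpp
#include <cmath>
#include <limits>

// Range check of the common "reject if outside [0, size-1]" form.
// Every comparison involving NaN evaluates to false, so NaN is NOT rejected.
bool NaiveInRange(float coord, int image_size) {
  const float max_index = static_cast<float>(image_size - 1);
  if (coord < 0.0f || coord > max_index) return false;
  return true;  // NaN reaches this line
}

// Hardened form (hypothetical helper): returns true and writes *index only
// when converting the coordinate to int is well defined.
bool SafePixelIndex(float coord, int image_size, int* index) {
  if (index == nullptr || image_size <= 0) return false;
  // NaN and +/-inf have no integer value; converting them is undefined.
  if (!std::isfinite(coord)) return false;
  // Compare in double, where every int is exactly representable.
  const double floored = std::floor(static_cast<double>(coord));
  if (floored < 0.0 || floored > static_cast<double>(image_size - 1)) {
    return false;
  }
  *index = static_cast<int>(floored);  // now known to be in [0, image_size-1]
  return true;
}

int main() {
  // Constructed sample inputs.
  const float not_a_number = std::numeric_limits<float>::quiet_NaN();
  int idx = -1;
  const bool naive_accepts_nan = NaiveInRange(not_a_number, 224);
  const bool safe_rejects_nan = !SafePixelIndex(not_a_number, 224, &idx);
  const bool safe_accepts_valid = SafePixelIndex(10.7f, 224, &idx) && idx == 10;
  return (naive_accepts_nan && safe_rejects_nan && safe_accepts_valid) ? 0 : 1;
}
```
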