Source: armnn
X-Debbugs-CC: [email protected]
Severity: normal
Tags: security

Hi,

The following vulnerability was published for armnn. There's no other
context than the references on the CVE site:

CVE-2026-42627[0]:
| In Arm ArmNN through 2026-03-27, an integer overflow in
| TensorShape::GetNumElements() in armnn/Tensor.cpp allows a crafted
| TFLite model file to bypass buffer size validation and trigger a
| heap-based buffer over-read during model optimization. The overflow
| occurs when multiplying tensor dimensions using 32-bit unsigned
| arithmetic without overflow detection, causing GetNumBytes() to
| return an understated allocation size. During
| Optimize()->InferOutputShapes(), the BatchToSpaceNdLayer reads
| beyond the allocated buffer.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-42627
    https://www.cve.org/CVERecord?id=CVE-2026-42627

Please adjust the affected versions in the BTS as needed.
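
The bug class named in the CVE description, shown as an added example that is not ArmNN source code and not part of the original report: a 32-bit dimension product that wraps silently, beside an overflow-checked form that rejects the shape. All function names and the sample shape are hypothetical.

```cpp
// Added example: hypothetical helpers, not taken from armnn/Tensor.cpp.
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

// Wrapping form: the product is reduced modulo 2^32 and the caller is not told.
uint32_t NumElementsWrapping(const std::vector<uint32_t>& dims) {
    uint32_t count = 1;
    for (uint32_t d : dims) count *= d;  // unsigned overflow wraps silently
    return count;
}

// Checked form: returns false when the product does not fit in 32 bits.
bool NumElementsChecked(const std::vector<uint32_t>& dims, uint32_t& out) {
    const uint32_t kMax = std::numeric_limits<uint32_t>::max();
    uint32_t count = 1;
    for (uint32_t d : dims) {
        if (d != 0 && count > kMax / d) return false;  // would overflow
        count *= d;
    }
    out = count;
    return true;
}

// Byte size with the same check applied to the element-size multiplication.
bool NumBytesChecked(const std::vector<uint32_t>& dims, uint32_t elemSize,
                     uint32_t& out) {
    const uint32_t kMax = std::numeric_limits<uint32_t>::max();
    uint32_t n = 0;
    if (!NumElementsChecked(dims, n)) return false;
    if (elemSize != 0 && n > kMax / elemSize) return false;
    out = n * elemSize;
    return true;
}

int main() {
    // Constructed sample shape: the true product is 2^32 + 65536.
    const std::vector<uint32_t> shape = {65536, 65537};
    uint32_t n = 0;
    std::printf("wrapping count: %u\n", NumElementsWrapping(shape));
    std::printf("checked accepts shape: %s\n",
                NumElementsChecked(shape, n) ? "yes" : "no");
    return 0;
}
```

A model loader that validates buffer sizes against the checked result fails closed on such a shape instead of comparing against an understated size.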

