--- license: mit --- # TFLite (.tflite) — Integer Overflow in Buffer offset+size Bounds Check → OOB Read **Vulnerability Class:** CWE-190 Integer Overflow → CWE-125 Out-of-bounds Read **Affected:** tensorflow/tensorflow (TFLite interpreter) @ HEAD **Status:** ASAN-verified (3 variants: SEGV, heap-buffer-overflow READ) ## Summary Integer overflow in TFLite `InterpreterBuilder` at `interpreter_builder.cc:671` — `offset + buffer->size()` wraps `uint64_t`, bypassing the bounds check. The resulting pointer `allocation_->base() + offset` goes OOB. Same pattern at line 378 for `large_custom_options_offset + large_custom_options_size`. Key factor: **InterpreterBuilder does NOT invoke the flatbuffer verifier by default.** Even the optional verifier does not validate `Buffer.offset`/`Buffer.size` fields. ## Files - `poc/harness_tflite_offset.cpp` — Self-contained ASAN harness (3 modes) - `evidence/buffer_offset_segv.txt` — ASAN log: OOB pointer access - `evidence/large_custom_options_oob.txt` — ASAN log: heap-buffer-overflow READ - `evidence/buffer_offset_heap_oob.txt` — ASAN log: heap-buffer-overflow variant - `REPORT.md` — Full vulnerability report ## Reproduction ```bash g++ -std=c++17 -fsanitize=address -g -O0 -o harness_tflite poc/harness_tflite_offset.cpp ./harness_tflite # Buffer offset overflow → OOB ./harness_tflite custom # large_custom_options overflow → heap OOB ./harness_tflite heap # near-end offset → heap-buffer-overflow READ ```