Heap Overflow in Official TensorFlow Container via Vulnerable libwebp Dependency
Overview
Official TensorFlow Docker images, widely used for ML development and deployment, shipped an outdated build of the `libwebp` system library and were therefore exposed to CVE-2023-4863, a heap buffer overflow in libwebp's VP8L lossless decoder (the Huffman table construction, `BuildHuffmanTable`, in `ReadHuffmanCodes`). Google rated the bug critical, and an exploit for it was already in use in the wild when the fix shipped in September 2023 as libwebp 1.3.2. Any code path that decodes an untrusted WebP image reaches the bug: an attacker who can get an ML application inside the container to open a crafted file, for example through an upload or inference endpoint that hands the bytes to Pillow, can trigger the overflow, corrupt the heap and, with a working exploit, run code in the container with the application's privileges. Two details matter for triage. First, Pillow only uses the system `libwebp` when it was built from source against it; the PyPI Pillow wheels bundle their own copy (fixed in Pillow 10.0.1), as do other imaging wheels such as opencv-python, so an image can have a patched `libwebp7` package and still be vulnerable through a wheel, or the reverse. Second, in multi-tenant Kubernetes clusters code execution in one pod hands the attacker that pod's service-account token and network position; reaching other pods or the node from there depends on the cluster's RBAC, network policy and pod security settings rather than on this bug alone. The issue highlighted the supply-chain risk of relying on pre-built container images without regularly scanning and updating their system-level dependencies. The vulnerability was discovered after a public bug bounty program for a major MLOps platform received a submission demonstrating the exploit.
Affected Systems
Testing Guide
1. Run a container vulnerability scanner on the TensorFlow (or PyTorch) image you actually deploy. For example: `trivy image your-repo/your-tf-image:tag`
2. On a vulnerable image the scanner reports CVE-2023-4863 against the `libwebp7` package (the runtime library; `libwebp-dev` is affected as well if it is installed). Trivy also inventories the Python packages in the image, so look for a second hit against Pillow below 10.0.1, whose wheel bundles its own libwebp.
3. A positive result shows the CVE as detected with a fixed version listed. That fixed version is distro-specific: Debian and Ubuntu backport the fix into the package version they already ship, so on Ubuntu 22.04 the fixed `libwebp7` is still a 1.2.2 build with a security-update suffix (the scanner's FixedVersion column gives the exact string), not 1.3.2. Judging a distro package by the upstream 1.3.2 number produces false positives.
4. Without a scanner, read the package version directly and compare it with the version named in the distro's security advisory for CVE-2023-4863: `docker run --rm --entrypoint dpkg your-repo/your-tf-image:tag -l libwebp7`
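The steps above end with a human reading scanner output. The following script, added here as an example and not code from TensorFlow, Trivy or this advisory, does the same check over Trivy's JSON report (`trivy image -f json -o report.json <image>`) so it can run in a pipeline: it flags CVE-2023-4863 whether it appears under the OS packages (`libwebp7`) or the Python packages (a Pillow wheel), and otherwise applies the same policy as `trivy --ignore-unfixed`, failing only on fixable findings at or above a severity floor. Trivy's `Results[].Vulnerabilities[]` layout with `VulnerabilityID`, `PkgName`, `InstalledVersion`, `FixedVersion` and `Severity` is real; both reports embedded below are constructed samples, and the `EXAMPLE-UNFIXED-LOW` identifier is a placeholder, not a real vulnerability ID.

```python
"""Gate a Trivy JSON scan report on CVE-2023-4863.

Added example for this page, not TensorFlow's or Trivy's own code. Trivy's report
layout (Results[].Vulnerabilities[] with VulnerabilityID, PkgName, InstalledVersion,
FixedVersion, Severity) is real; the two reports below are constructed samples.
"""
import json
import sys

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample: scan of an Ubuntu 22.04-based TensorFlow image before patching.
# "EXAMPLE-UNFIXED-LOW" is a placeholder ID standing in for the unfixed low-severity
# findings every distro image carries; it is not a real vulnerability identifier.
VULNERABLE_REPORT = json.dumps({
    "Results": [
        {
            "Target": "your-repo/your-tf-image:tag (ubuntu 22.04)",
            "Class": "os-pkgs", "Type": "ubuntu",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-2023-4863", "PkgName": "libwebp7",
                 "InstalledVersion": "1.2.2-2", "FixedVersion": "1.2.2-2ubuntu0.22.04.1",
                 "Severity": "HIGH"},
                {"VulnerabilityID": "EXAMPLE-UNFIXED-LOW", "PkgName": "libc6",
                 "InstalledVersion": "2.35-0ubuntu3", "FixedVersion": "",
                 "Severity": "LOW"},
            ],
        },
        {
            "Target": "Python", "Class": "lang-pkgs", "Type": "python-pkg",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-2023-4863", "PkgName": "Pillow",
                 "InstalledVersion": "10.0.0", "FixedVersion": "10.0.1",
                 "Severity": "HIGH"},
            ],
        },
    ]
})

# Constructed sample: the same image after rebuilding on a patched base and upgrading Pillow.
PATCHED_REPORT = json.dumps({
    "Results": [
        {
            "Target": "your-repo/your-tf-image:tag (ubuntu 22.04)",
            "Class": "os-pkgs", "Type": "ubuntu",
            "Vulnerabilities": [
                {"VulnerabilityID": "EXAMPLE-UNFIXED-LOW", "PkgName": "libc6",
                 "InstalledVersion": "2.35-0ubuntu3", "FixedVersion": "",
                 "Severity": "LOW"},
            ],
        },
        {"Target": "Python", "Class": "lang-pkgs", "Type": "python-pkg", "Vulnerabilities": []},
    ]
})


def findings(report_json):
    """Flatten a Trivy report into one dict per finding; absent or null lists are tolerated."""
    out = []
    for result in json.loads(report_json).get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            out.append({"Target": result.get("Target", ""), "Class": result.get("Class", ""), **vuln})
    return out


def hits_for(report_json, cve_id):
    """Every finding for one CVE, across OS packages and language packages alike."""
    return [f for f in findings(report_json) if f.get("VulnerabilityID") == cve_id]


def gate(report_json, cve_ids=("CVE-2023-4863",), min_severity="HIGH"):
    """Return (ok, reasons). Fails on any listed CVE regardless of fix status, and on any
    other finding at or above min_severity that has a fix available."""
    reasons = []
    floor = SEVERITY_RANK[min_severity]
    for f in findings(report_json):
        vid, pkg = f.get("VulnerabilityID", ""), f.get("PkgName", "")
        fixed = f.get("FixedVersion") or ""
        where = f"{pkg} {f.get('InstalledVersion', '?')} [{f.get('Class')}]"
        if vid in cve_ids:
            reasons.append(f"{vid} in {where}, fixed in {fixed or 'no fix listed'}")
        elif fixed and SEVERITY_RANK.get(f.get("Severity", "UNKNOWN"), 0) >= floor:
            reasons.append(f"{vid} ({f.get('Severity')}) in {where}, fixed in {fixed}")
    return (not reasons, reasons)


def main(argv):
    # Usage: python gate_report.py report.json  (no argument: the constructed sample is used)
    report = open(argv[1]).read() if len(argv) > 1 else VULNERABLE_REPORT
    ok, reasons = gate(report)
    for reason in reasons:
        print("FAIL:", reason)
    print("clean" if ok else f"{len(reasons)} blocking finding(s)")
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The exit code is what the pipeline keys on: a non-zero status from `gate()` blocks the push. Listing the CVE explicitly in `cve_ids` matters because the placeholder policy of "fixable HIGH or above" would wave the finding through on a distro that has not yet published a fixed package, which is exactly the window in which you want the build to fail.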
Mitigation Steps
1. **Update Base Images**: Stop using affected image tags and pull a rebuilt one (`tensorflow/tensorflow:latest` or a specific tag built after September 2023) whose system packages carry the fix. Verify rather than assume: a cached `latest` that was built before the fix still holds the old package, so re-pull and re-scan the exact digest you deploy.
2. **Rebuild Custom Images**: If an affected image is your base, rebuild on top of it with `apt-get update && apt-get upgrade -y` (or, narrowly, `apt-get install --only-upgrade libwebp7`) so that the runtime library `libwebp7` is patched; `libwebp-dev` only matters when something in the image is compiled against it. In the same build, upgrade the Python side with `pip install --upgrade "Pillow>=10.0.1"`, because the Pillow wheel carries its own libwebp that no apt upgrade touches, and check other imaging wheels (opencv-python bundles its own libwebp as well) against the scanner output.
3. **Implement Image Scanning**: Integrate container image scanning tools like Trivy, Grype, or Snyk into your CI/CD pipeline to detect known CVEs in both OS packages and language-specific dependencies before deployment, and fail the build on fixable HIGH/CRITICAL findings rather than only reporting them.
4. **Use Minimal Images**: Whenever possible, use minimal base images (e.g., distroless or Alpine-based) to reduce the attack surface. This shrinks the image but does not remove the dependency: a minimal image that decodes WebP still carries libwebp, either as the distro package (Alpine ships `libwebp` as its own package, which needed the same update) or inside a wheel, so it needs the same scanning and upgrades.
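Step 2 upgrades two different things, the `libwebp7` package and the copy inside the Pillow wheel, and a scanner verdict on one says nothing about the other. The script below, an example added here rather than code from TensorFlow, Pillow or any distro, is meant to be run inside the rebuilt container to confirm which copies it actually carries: the libwebp* packages from `dpkg-query -W -f='${Package}\t${Version}\n'`, the libwebp version Pillow reports linking against, and any `libwebp*.so*` bundled under site-packages. It deliberately applies the upstream 1.3.2 threshold only to a wheel-bundled copy; a distro package is compared with `dpkg --compare-versions` against the fixed version the scanner printed, because the backported package keeps a lower version number. The dpkg output embedded in the block is a constructed sample used only when no dpkg is present.

```python
"""Inventory every libwebp copy a Python ML container actually carries.

Added example for this page; not code from TensorFlow, Pillow or any distro. The
dpkg-query text below is a constructed sample, not a captured record.
"""
import re
import shutil
import subprocess
import sysconfig
from pathlib import Path

UPSTREAM_FIXED = (1, 3, 2)  # libwebp 1.3.2 is the upstream release that fixed CVE-2023-4863

# Constructed sample of `dpkg-query -W` output on an Ubuntu 22.04 image before the update.
SAMPLE_DPKG_OUTPUT = (
    "libc6\t2.35-0ubuntu3\n"
    "libwebp-dev\t1.2.2-2\n"
    "libwebp7\t1.2.2-2\n"
    "libwebpdemux2\t1.2.2-2\n"
    "libwebpmux3\t1.2.2-2\n"
)

def parse_version(text):
    """Leading numeric part as a tuple: '1.2.2-2ubuntu0.22.04.1' -> (1, 2, 2)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    return None if m is None else tuple(int(g) if g else 0 for g in m.groups())

def upstream_is_fixed(version_text):
    """Only valid for an upstream libwebp version, e.g. the copy a wheel bundles.
    Distro packages backport the fix under a lower number, so never apply this to a
    dpkg version; use distro_is_fixed() there."""
    v = parse_version(version_text)
    return v is not None and v >= UPSTREAM_FIXED

def parse_dpkg(text):
    """Package name -> version for every libwebp* package in dpkg-query output."""
    pkgs = {}
    for line in text.splitlines():
        name, _, version = line.partition("\t")
        if name.startswith("libwebp") and version.strip():
            pkgs[name] = version.strip()
    return pkgs

def installed_webp_packages():
    """Live query; returns None on a system without dpkg (Alpine, distroless, macOS)."""
    if shutil.which("dpkg-query") is None:
        return None
    proc = subprocess.run(["dpkg-query", "-W", "-f=${Package}\t${Version}\n"],
                          capture_output=True, text=True, check=False)
    return parse_dpkg(proc.stdout)

def distro_is_fixed(installed, fixed):
    """Compare with dpkg's own version ordering. `fixed` is the distro's fixed version as
    the scanner prints it (FixedVersion), not 1.3.2. None if dpkg is unavailable."""
    if shutil.which("dpkg") is None:
        return None
    return subprocess.run(["dpkg", "--compare-versions", installed, "ge", fixed]).returncode == 0

def pillow_webp_version():
    """The libwebp version Pillow reports linking against; None if Pillow or WebP is absent."""
    try:
        from PIL import features
        return features.version("webp")
    except (ImportError, AttributeError):
        return None

def bundled_webp_libs(site_dir=None):
    """Shared objects named libwebp* under site-packages: copies no OS package manages
    (manylinux wheels store them as e.g. Pillow.libs/libwebp-<hash>.so.7)."""
    root = Path(site_dir or sysconfig.get_paths()["purelib"])
    return sorted(str(p) for p in root.glob("**/libwebp*.so*"))

def pillow_verdict(pillow_version, bundled_paths):
    """Pick the comparison that applies to the copy Pillow loads."""
    if pillow_version is None:
        return "pillow-absent"
    if bundled_paths:  # wheel-bundled copy: upstream numbering applies
        return "bundled-fixed" if upstream_is_fixed(pillow_version) else "bundled-vulnerable"
    return "system-copy-check-dpkg"  # Pillow built against libwebp7: judge by the package

def main():
    pkgs = installed_webp_packages()
    if pkgs is None:
        print("no dpkg here; showing the constructed sample instead")
        pkgs = parse_dpkg(SAMPLE_DPKG_OUTPUT)
    for name, version in pkgs.items():
        print(f"OS package {name} {version}  (compare with the scanner's FixedVersion)")
    bundled = bundled_webp_libs()
    for path in bundled:
        print("bundled copy:", path)
    v = pillow_webp_version()
    print(f"Pillow libwebp {v}: {pillow_verdict(v, bundled)}")

if __name__ == "__main__":
    main()
```

Run it once before and once after the rebuild; the "after" run should show the `libwebp7` version the scanner listed as fixed and, if Pillow came from a wheel, a bundled copy at 1.3.2 or later. A `system-copy-check-dpkg` verdict with an unpatched `libwebp7` is the case step 2's apt upgrade fixes; a `bundled-vulnerable` verdict is the case only the `pip install --upgrade "Pillow>=10.0.1"` fixes.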
Patch Details
Official container images built after mid-September 2023 carry a patched libwebp: either upstream 1.3.2 or later, or the distro package with the fix backported (on Debian and Ubuntu this is still a 1.2.x package version with a security-update suffix, so do not judge by the 1.3.2 number alone). On the Python side, Pillow 10.0.1 is the first wheel release that bundles the fixed libwebp. Confirm both with a scan of the exact tag and digest you deploy rather than relying on the release date.