CWE-704
Allowed-with-ReviewIncorrect Type Conversion or Cast
Abstraction: Class · Status: Incomplete
The product does not correctly convert an object, resource, or structure from one type to a different type.
334 vulnerabilities reference this CWE, most recent first.
GHSA-RG2G-3GG8-F4MM
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6034.
{
"affected": [],
"aliases": [
"CVE-2018-14271"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-31T20:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6034.",
"id": "GHSA-rg2g-3gg8-f4mm",
"modified": "2022-05-13T01:34:38Z",
"published": "2022-05-13T01:34:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14271"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-731"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RG34-9W25-VCJ6
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getOCGs method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6019.
{
"affected": [],
"aliases": [
"CVE-2018-14256"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-31T20:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getOCGs method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6019.",
"id": "GHSA-rg34-9w25-vcj6",
"modified": "2022-05-13T01:34:39Z",
"published": "2022-05-13T01:34:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14256"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-716"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RG5G-H6W9-P8CJ
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-05 17:48In the Linux kernel, the following vulnerability has been resolved:
perf/dwc_pcie: fix duplicate pci_dev devices
During platform_device_register, wrongly using struct device pci_dev as platform_data caused a kmemdup copy of pci_dev. Worse still, accessing the duplicated device leads to list corruption as its mutex content (e.g., list, magic) remains the same as the original.
{
"affected": [],
"aliases": [
"CVE-2025-37746"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T13:15:53Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/dwc_pcie: fix duplicate pci_dev devices\n\nDuring platform_device_register, wrongly using struct device\npci_dev as platform_data caused a kmemdup copy of pci_dev. Worse\nstill, accessing the duplicated device leads to list corruption as its\nmutex content (e.g., list, magic) remains the same as the original.",
"id": "GHSA-rg5g-h6w9-p8cj",
"modified": "2025-11-05T17:48:22Z",
"published": "2025-05-01T15:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37746"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7f35b429802a8065aa61e2a3f567089649f4d98e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a71c6fc87b2b9905dc2e38887fe4122287216be9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RGCX-27FF-HX48
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6683.
{
"affected": [],
"aliases": [
"CVE-2018-14317"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-30T12:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6683.",
"id": "GHSA-rgcx-27ff-hx48",
"modified": "2022-05-13T01:34:32Z",
"published": "2022-05-13T01:34:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14317"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-939"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RGFF-5RPC-XC3Q
Vulnerability from github – Published: 2025-04-07 12:33 – Updated: 2025-04-07 12:33Memory corruption while processing IOCTL calls.
{
"affected": [],
"aliases": [
"CVE-2024-43058"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-07T11:15:48Z",
"severity": "HIGH"
},
"details": "Memory corruption while processing IOCTL calls.",
"id": "GHSA-rgff-5rpc-xc3q",
"modified": "2025-04-07T12:33:17Z",
"published": "2025-04-07T12:33:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43058"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RH25-HPHF-C5GW
Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of field elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5370.
{
"affected": [],
"aliases": [
"CVE-2018-9936"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-17T15:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of field elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5370.",
"id": "GHSA-rh25-hphf-c5gw",
"modified": "2022-05-13T01:31:41Z",
"published": "2022-05-13T01:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9936"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-320"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RH88-CWV2-GJXM
Vulnerability from github – Published: 2022-05-14 03:53 – Updated: 2025-10-22 00:31Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
{
"affected": [],
"aliases": [
"CVE-2017-8291"
],
"database_specific": {
"cwe_ids": [
"CWE-704",
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-27T01:59:00Z",
"severity": "HIGH"
},
"details": "Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a \"/OutputFile (%pipe%\" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.",
"id": "GHSA-rh88-cwv2-gjxm",
"modified": "2025-10-22T00:31:21Z",
"published": "2022-05-14T03:53:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8291"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1230"
},
{
"type": "WEB",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697808"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446063"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1036453"
},
{
"type": "WEB",
"url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d"
},
{
"type": "WEB",
"url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201708-06"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-8291"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/41955"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2017/04/28/2"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3838"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98476"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RM9Q-4WWM-GW3R
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arguments passed to the setFocus function. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5642.
{
"affected": [],
"aliases": [
"CVE-2018-14288"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-31T20:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arguments passed to the setFocus function. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5642.",
"id": "GHSA-rm9q-4wwm-gw3r",
"modified": "2022-05-13T01:34:36Z",
"published": "2022-05-13T01:34:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14288"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-748"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RVJX-CFJH-5MC9
Vulnerability from github – Published: 2026-01-07 19:28 – Updated: 2026-01-08 21:19Impact
Non-string types are converted into string types, leading to type errors in %d conversions.
Patches
The problem has been patched in version 0.0.6.
Workarounds
None without patching.
Resources
Issue report: https://github.com/armurox/loggingredactor/issues/7 Release: https://github.com/armurox/loggingredactor/releases/tag/0.0.6
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "loggingredactor"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-22041"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-07T19:28:46Z",
"nvd_published_at": "2026-01-08T15:15:45Z",
"severity": "LOW"
},
"details": "### Impact\nNon-string types are converted into string types, leading to type errors in %d conversions.\n\n### Patches\nThe problem has been patched in version 0.0.6.\n\n### Workarounds\nNone without patching.\n\n### Resources\nIssue report: https://github.com/armurox/loggingredactor/issues/7\nRelease: https://github.com/armurox/loggingredactor/releases/tag/0.0.6",
"id": "GHSA-rvjx-cfjh-5mc9",
"modified": "2026-01-08T21:19:18Z",
"published": "2026-01-07T19:28:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/armurox/loggingredactor/security/advisories/GHSA-rvjx-cfjh-5mc9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22041"
},
{
"type": "WEB",
"url": "https://github.com/armurox/loggingredactor/issues/7"
},
{
"type": "PACKAGE",
"url": "https://github.com/armurox/loggingredactor"
},
{
"type": "WEB",
"url": "https://github.com/armurox/loggingredactor/releases/tag/0.0.6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "loggingredactor converts non-string types to string types in logs"
}
GHSA-RWP5-3GHW-68GM
Vulnerability from github – Published: 2022-05-17 02:22 – Updated: 2022-05-17 02:22WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709.
{
"affected": [],
"aliases": [
"CVE-2016-4710"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-09-25T10:59:00Z",
"severity": "HIGH"
},
"details": "WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage \"type confusion,\" a different vulnerability than CVE-2016-4709.",
"id": "GHSA-rwp5-3ghw-68gm",
"modified": "2022-05-17T02:22:15Z",
"published": "2022-05-17T02:22:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4710"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT207170"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93055"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036858"
},
{
"type": "WEB",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-608"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.