CWE-704
Allowed-with-ReviewIncorrect Type Conversion or Cast
Abstraction: Class · Status: Incomplete
The product does not correctly convert an object, resource, or structure from one type to a different type.
334 vulnerabilities reference this CWE, most recent first.
GHSA-VHFM-JW2X-69J4
Vulnerability from github – Published: 2022-04-02 00:00 – Updated: 2022-04-10 00:01Possible buffer overflow to improper validation of hash segment of file while allocating memory in Snapdragon Connectivity, Snapdragon Mobile
{
"affected": [],
"aliases": [
"CVE-2021-35110"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-01T05:15:00Z",
"severity": "HIGH"
},
"details": "Possible buffer overflow to improper validation of hash segment of file while allocating memory in Snapdragon Connectivity, Snapdragon Mobile",
"id": "GHSA-vhfm-jw2x-69j4",
"modified": "2022-04-10T00:01:08Z",
"published": "2022-04-02T00:00:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35110"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/march-2022-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VHMC-97XX-RVXH
Vulnerability from github – Published: 2023-05-02 06:30 – Updated: 2024-04-04 03:45Memory corruption in Graphics while importing a file.
{
"affected": [],
"aliases": [
"CVE-2023-21665"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-02T06:15:10Z",
"severity": "HIGH"
},
"details": "Memory corruption in Graphics while importing a file.",
"id": "GHSA-vhmc-97xx-rvxh",
"modified": "2024-04-04T03:45:49Z",
"published": "2023-05-02T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21665"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/172663/Qualcomm-Adreno-KGSL-Unchecked-Cast-Type-Confusion.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VJMM-QCF5-64VH
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importAnFDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6027.
{
"affected": [],
"aliases": [
"CVE-2018-14264"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-31T20:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importAnFDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6027.",
"id": "GHSA-vjmm-qcf5-64vh",
"modified": "2022-05-13T01:34:39Z",
"published": "2022-05-13T01:34:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14264"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-724"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VRJM-4FCP-WMH3
Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2022-05-13 01:25Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
{
"affected": [],
"aliases": [
"CVE-2011-0483"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-01-14T17:00:00Z",
"severity": "MODERATE"
},
"details": "Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.",
"id": "GHSA-vrjm-4fcp-wmh3",
"modified": "2022-05-13T01:25:10Z",
"published": "2022-05-13T01:25:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0483"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64674"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14706"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=68181"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html"
},
{
"type": "WEB",
"url": "http://osvdb.org/70466"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42951"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/45788"
},
{
"type": "WEB",
"url": "http://www.srware.net/forum/viewtopic.php?f=18\u0026t=2054"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VVR5-VC4V-M377
Vulnerability from github – Published: 2022-05-17 00:49 – Updated: 2022-05-17 00:49Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-3119, CVE-2015-3121, CVE-2015-3122, and CVE-2015-4433.
{
"affected": [],
"aliases": [
"CVE-2015-3120"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-07-09T16:59:00Z",
"severity": "HIGH"
},
"details": "Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK \u0026 Compiler before 18.0.0.180 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2015-3119, CVE-2015-3121, CVE-2015-3122, and CVE-2015-4433.",
"id": "GHSA-vvr5-vc4v-m377",
"modified": "2022-05-17T00:49:46Z",
"published": "2022-05-17T00:49:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3120"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201507-13"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1214.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/75595"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032810"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VWGM-GWQF-Q8PX
Vulnerability from github – Published: 2022-05-14 03:55 – Updated: 2025-04-20 03:38Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.
{
"affected": [],
"aliases": [
"CVE-2016-7979"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-23T04:29:00Z",
"severity": "CRITICAL"
},
"details": "Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.",
"id": "GHSA-vwgm-gwqf-q8px",
"modified": "2025-04-20T03:38:05Z",
"published": "2022-05-14T03:55:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7979"
},
{
"type": "WEB",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697190"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201702-31"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=ghostpdl.git%3Bh=875a0095f37626a721c7ff57d606a0f95af03913"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;h=875a0095f37626a721c7ff57d606a0f95af03913"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0013.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0014.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3691"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/15"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95337"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VXH8-PQMF-3M72
Vulnerability from github – Published: 2022-05-14 01:22 – Updated: 2022-05-14 01:22An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.
{
"affected": [],
"aliases": [
"CVE-2018-16511"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-05T06:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in \"ztype\" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.",
"id": "GHSA-vxh8-pqmf-3m72",
"modified": "2022-05-14T01:22:54Z",
"published": "2022-05-14T01:22:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16511"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3650"
},
{
"type": "WEB",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=699659"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201811-12"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3768-1"
},
{
"type": "WEB",
"url": "https://www.artifex.com/news/ghostscript-security-resolved"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4288"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0edd3d6c634a577db261615a9dc2719bca7f6e01"
},
{
"type": "WEB",
"url": "http://seclists.org/oss-sec/2018/q3/182"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W2Q4-857F-82M2
Vulnerability from github – Published: 2022-05-14 00:53 – Updated: 2022-05-14 00:53Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
{
"affected": [],
"aliases": [
"CVE-2018-4953"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-09T19:29:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",
"id": "GHSA-w2q4-857f-82m2",
"modified": "2022-05-14T00:53:29Z",
"published": "2022-05-14T00:53:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4953"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104173"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040920"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W5R2-9QPC-HQGH
Vulnerability from github – Published: 2022-05-17 01:17 – Updated: 2025-04-20 03:33An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (type confusion) via a crafted app.
{
"affected": [],
"aliases": [
"CVE-2016-7617"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-20T08:59:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (type confusion) via a crafted app.",
"id": "GHSA-w5r2-9qpc-hqgh",
"modified": "2025-04-20T03:33:09Z",
"published": "2022-05-17T01:17:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7617"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT207423"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/40952"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94903"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037469"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W5RC-5JQM-P8HV
Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
{
"affected": [],
"aliases": [
"CVE-2018-4944"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-19T17:29:00Z",
"severity": "CRITICAL"
},
"details": "Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",
"id": "GHSA-w5rc-5jqm-p8hv",
"modified": "2022-05-13T01:06:30Z",
"published": "2022-05-13T01:06:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4944"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1367"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb18-16.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201806-02"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104101"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040840"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.