CWE-704
272 CVEs • Abstraction: Class
Incorrect Type Conversion or Cast
The product does not correctly convert an object, resource, or structure from one type to a different type.
CVEs (272)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit and exe...Show more |
1Foxitsoftware 2Phantompdf ReaderNov 21, 2024 Jan 24, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a mali...Show more |
A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). An attacker could use a specially crafted project file to exploit and execute code under the privileges of t...Show more |
In iOS before 11.2, a type confusion issue was addressed with improved memory handling. |
3Debian GoogleRedhat5Chrome Debian LinuxEnterprise Linux Desktop+2 moreJun 17, 2026 Jan 9, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
3Debian GoogleRedhat5Chrome Debian LinuxEnterprise Linux Desktop+2 moreJun 17, 2026 Jan 9, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. |
3Debian GoogleRedhat5Chrome Debian LinuxEnterprise Linux Desktop+2 moreJun 17, 2026 Jan 9, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
3Artifex DebianRedhat7Debian Linux Enterprise Linux DesktopEnterprise Linux Server+4 moreNov 21, 2024 Dec 20, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code i...Show more |
A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero. |
4Canonical GoogleLinux+1 more9Android Enterprise Linux DesktopEnterprise Linux Server+6 moreJun 17, 2026 Dec 6, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...Show more |
2Adobe Redhat5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+2 moreNov 21, 2024 Nov 29, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. |
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, existing checks in place on partition size are incomplete and can lead to heap overwrite vulnerabilities while lo...Show more |
4Artifex CanonicalDebian+1 more10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 moreNov 21, 2024 Nov 23, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. |
4Artifex CanonicalDebian+1 more10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 moreNov 21, 2024 Nov 23, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. |
3Debian GoogleRedhat5Chrome Debian LinuxEnterprise Linux Desktop+2 moreJun 17, 2026 Nov 14, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application. |
4Canonical DebianMozilla+1 more9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 moreNov 25, 2025 Oct 18, 2018 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vul...Show more |
2Canonical Linux2Linux Kernel Ubuntu LinuxNov 21, 2024 Oct 17, 2018 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion...Show more |
1Adobe 2Acrobat Dc Acrobat Reader DcNov 21, 2024 Oct 12, 2018 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution...Show more |
1Adobe 2Acrobat Dc Acrobat Reader DcNov 21, 2024 Oct 12, 2018 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution...Show more |