← Back
CWE-704

272 CVEs • Abstraction: Class

Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

JSON object

Loading...

CVEs (272)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Omron
2Cx One
Cx Protocol
Nov 21, 2024
Jan 30, 2019
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit and exe...Show more
Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.Show less
1Foxitsoftware
2Phantompdf
Reader
Nov 21, 2024
Jan 24, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a mali...Show more
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6819.Show less
1Omron
1Cx Supervisor
Nov 21, 2024
Jan 22, 2019
N/A· v4
7.3 HIGH· v3
6.8 MEDIUM· v2
A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). An attacker could use a specially crafted project file to exploit and execute code under the privileges of t...Show more
A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.Show less
1Apple
1Iphone Os
Nov 21, 2024
Jan 11, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In iOS before 11.2, a type confusion issue was addressed with improved memory handling.
3Debian
GoogleRedhat
5Chrome
Debian LinuxEnterprise Linux Desktop+2 more
Jun 17, 2026
Jan 9, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
3Debian
GoogleRedhat
5Chrome
Debian LinuxEnterprise Linux Desktop+2 more
Jun 17, 2026
Jan 9, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
3Debian
GoogleRedhat
5Chrome
Debian LinuxEnterprise Linux Desktop+2 more
Jun 17, 2026
Jan 9, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
3Artifex
DebianRedhat
7Debian Linux
Enterprise Linux DesktopEnterprise Linux Server+4 more
Nov 21, 2024
Dec 20, 2018
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code i...Show more
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.Show less
1Libraw
1Libraw
Jun 17, 2026
Dec 7, 2018
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero.
4Canonical
GoogleLinux+1 more
9Android
Enterprise Linux DesktopEnterprise Linux Server+6 more
Jun 17, 2026
Dec 6, 2018
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...Show more
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.Show less
2Adobe
Redhat
5Enterprise Linux Desktop
Enterprise Linux ServerEnterprise Linux Workstation+2 more
Nov 21, 2024
Nov 29, 2018
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
1Google
1Android
Jun 17, 2026
Nov 27, 2018
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, existing checks in place on partition size are incomplete and can lead to heap overwrite vulnerabilities while lo...Show more
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, existing checks in place on partition size are incomplete and can lead to heap overwrite vulnerabilities while loading a secure application from the boot loader.Show less
4Artifex
CanonicalDebian+1 more
10Debian Linux
Enterprise Linux DesktopEnterprise Linux Server+7 more
Nov 21, 2024
Nov 23, 2018
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
4Artifex
CanonicalDebian+1 more
10Debian Linux
Enterprise Linux DesktopEnterprise Linux Server+7 more
Nov 21, 2024
Nov 23, 2018
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
3Debian
GoogleRedhat
5Chrome
Debian LinuxEnterprise Linux Desktop+2 more
Jun 17, 2026
Nov 14, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1Omron
1Cx Supervisor
Nov 21, 2024
Nov 5, 2018
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application.
4Canonical
DebianMozilla+1 more
9Debian Linux
Enterprise Linux DesktopEnterprise Linux Server+6 more
Nov 25, 2025
Oct 18, 2018
N/A· v4
8.1 HIGH· v3
5.8 MEDIUM· v2
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vul...Show more
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.Show less
2Canonical
Linux
2Linux Kernel
Ubuntu Linux
Nov 21, 2024
Oct 17, 2018
N/A· v4
3.3 LOW· v3
2.1 LOW· v2
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion...Show more
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.Show less
1Adobe
2Acrobat Dc
Acrobat Reader Dc
Nov 21, 2024
Oct 12, 2018
N/A· v4
7.8 HIGH· v3
9.3 HIGH· v2
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution...Show more
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.Show less
1Adobe
2Acrobat Dc
Acrobat Reader Dc
Nov 21, 2024
Oct 12, 2018
N/A· v4
7.8 HIGH· v3
9.3 HIGH· v2
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution...Show more
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.Show less