← Back
CWE-704

271 CVEs • Abstraction: Class

Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

JSON object

Loading...

CVEs (271)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Color
1Iccdev
Jun 17, 2026
Jan 28, 2026
N/A· v4
7.8 HIGH· v3
N/A· v2
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2.3.1.2 have an undefined behavior issue when floating-point...Show more
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2.3.1.2 have an undefined behavior issue when floating-point NaN values are converted to unsigned short integer types during ICC profile XML parsing potentially corrupting memory structures and enabling arbitrary code execution. This vulnerability affects users of the iccDEV library who process ICC color profiles. ICC Profile Injection vulnerabilities arise when user-controllable input is incorporated into ICC profile data or other structured binary blobs in an unsafe manner. Version 2.3.1.2 contains a fix for the issue. No known workarounds are available.Show less
1Oneflow
1Oneflow
Jun 17, 2026
Jan 28, 2026
N/A· v4
6.5 MEDIUM· v3
N/A· v2
A floating-point exception (FPE) in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
1Python
1Python
Jun 17, 2026
Jan 21, 2026
6.3 MEDIUM· v4
5.3 MEDIUM· v3
N/A· v2
When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically...Show more
When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues. This behavior can only be insecure if your application uses an alternate base64 alphabet (without "+/"). If your application does not use the "altchars" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet. The attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 alphabet they are expecting or verify that their application would not be affected if the b64decode() functions accepted "+" or "/" outside of altchars.Show less
1Armurox
1Logging Redactor
Jun 17, 2026
Jan 8, 2026
2.0 LOW· v4
5.3 MEDIUM· v3
N/A· v2
Logging Redactor is a Python library designed to redact sensitive data in logs based on regex patterns and / or dictionary keys. Prior to version 0.0.6, non-string types are converted into string types, leading to type e...Show more
Logging Redactor is a Python library designed to redact sensitive data in logs based on regex patterns and / or dictionary keys. Prior to version 0.0.6, non-string types are converted into string types, leading to type errors in %d conversions. The problem has been patched in version 0.0.6. No known workarounds are available.Show less
1Color
1Iccdev
Jun 17, 2026
Jan 7, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusio...Show more
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `ToXmlCurve()` at `IccXML/IccLibXML/IccMpeXml.cpp`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.Show less
1Color
1Iccdev
Jun 17, 2026
Jan 6, 2026
N/A· v4
7.8 HIGH· v3
N/A· v2
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in CIccXmlArrayType::ParseTextCountNum(). This vulnerability affects us...Show more
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in CIccXmlArrayType::ParseTextCountNum(). This vulnerability affects users of the iccDEV library who process ICC color profiles. This issue is fixed in version 2.3.1.1.Show less
1Google
1Chrome
Jun 17, 2026
Dec 2, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: M...Show more
Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)Show less
1Quickjs Project
1Quickjs
Jun 17, 2026
Oct 16, 2025
7.1 HIGH· v4
8.8 HIGH· v3
N/A· v2
A type confusion vulnerability exists in the handling of the string addition (+) operation within the QuickJS engine. * The code first checks if the left-hand operand is a string. * It then attempts to convert t...Show more
A type confusion vulnerability exists in the handling of the string addition (+) operation within the QuickJS engine. * The code first checks if the left-hand operand is a string. * It then attempts to convert the right-hand operand to a primitive value using JS_ToPrimitiveFree. This conversion can trigger a callback (e.g., toString or valueOf). * During this callback, an attacker can modify the type of the left-hand operand in memory, changing it from a string to a different type (e.g., an object or an array). * The code then proceeds to call JS_ConcatStringInPlace, which still treats the modified left-hand value as a string. This mismatch between the assumed type (string) and the actual type allows an attacker to control the data structure being processed by the concatenation logic, resulting in a type confusion condition. This can lead to out-of-bounds memory access, potentially resulting in memory corruption and arbitrary code execution in the context of the QuickJS runtime.Show less
2Debian
Linux
2Debian Linux
Linux Kernel
Jun 17, 2026
Sep 23, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
In the Linux kernel, the following vulnerability has been resolved: libceph: fix invalid accesses to ceph_connection_v1_info There is a place where generic code in messenger.c is reading and another place where it is w...Show more
In the Linux kernel, the following vulnerability has been resolved: libceph: fix invalid accesses to ceph_connection_v1_info There is a place where generic code in messenger.c is reading and another place where it is writing to con->v1 union member without checking that the union member is active (i.e. msgr1 is in use). On 64-bit systems, con->v1.auth_retry overlaps with con->v2.out_iter, so such a read is almost guaranteed to return a bogus value instead of 0 when msgr2 is in use. This ends up being fairly benign because the side effect is just the invalidation of the authorizer and successive fetching of new tickets. con->v1.connect_seq overlaps with con->v2.conn_bufs and the fact that it's being written to can cause more serious consequences, but luckily it's not something that happens often.Show less
-
-
Aug 22, 2025
Aug 21, 2025
9.3 CRITICAL· v4
N/A· v3
N/A· v2
Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access d...Show more
Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsing, allowing an attacker to manipulate stack memory and potentially execute arbitrary code. Exploitation requires direct access to the FTP service and is constrained by a single execution attempt if the daemon is installed as a Windows service.Show less
-
-
Jun 17, 2026
Jul 28, 2025
6.9 MEDIUM· v4
N/A· v3
N/A· v2
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. So...Show more
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for safety. For precompiles to be callable by smart contracts they must be explicitly configured as CallableByContract. If this configuration is absent, then the precompile should be unreachable via smart contract accounts. In commits prior to 0822030, the underlying implementation of CallableByContract which returned the AddressType was incorrect. It considered the contract address running under CREATE or CREATE2 to be AddressType::EOA rather than correctly as AddressType::Contract. The issue only affects users who use custom precompile implementations that utilize AddressType::EOA and AddressType::Contract. It's not directly exploitable in any of the predefined precompiles in Frontier. This is fixed in version 0822030.Show less
-
-
Jun 17, 2026
Jul 1, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.
1Kunbus
1Revpi Status
Jun 17, 2026
Jun 6, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device
1Linux
1Linux Kernel
Jun 17, 2026
May 1, 2025
N/A· v4
5.5 MEDIUM· v3
N/A· v2
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix wrong reg type conversion in release_reference() Some helper functions will allocate memory. To avoid memory leaks, the verifier requires the...Show more
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix wrong reg type conversion in release_reference() Some helper functions will allocate memory. To avoid memory leaks, the verifier requires the eBPF program to release these memories by calling the corresponding helper functions. When a resource is released, all pointer registers corresponding to the resource should be invalidated. The verifier use release_references() to do this job, by apply __mark_reg_unknown() to each relevant register. It will give these registers the type of SCALAR_VALUE. A register that will contain a pointer value at runtime, but of type SCALAR_VALUE, which may allow the unprivileged user to get a kernel pointer by storing this register into a map. Using __mark_reg_not_init() while NOT allow_ptr_leaks can mitigate this problem.Show less
1Linux
1Linux Kernel
Jun 17, 2026
May 1, 2025
N/A· v4
5.5 MEDIUM· v3
N/A· v2
In the Linux kernel, the following vulnerability has been resolved: perf/dwc_pcie: fix duplicate pci_dev devices During platform_device_register, wrongly using struct device pci_dev as platform_data caused a kmemdup co...Show more
In the Linux kernel, the following vulnerability has been resolved: perf/dwc_pcie: fix duplicate pci_dev devices During platform_device_register, wrongly using struct device pci_dev as platform_data caused a kmemdup copy of pci_dev. Worse still, accessing the duplicated device leads to list corruption as its mutex content (e.g., list, magic) remains the same as the original.Show less
1Devexpress
1Devexpress
Jun 17, 2026
Apr 28, 2025
N/A· v4
5.3 MEDIUM· v3
N/A· v2
DevExpress before 23.1.3 allows arbitrary TypeConverter conversion.
1Linux
1Linux Kernel
Jun 17, 2026
Apr 16, 2025
N/A· v4
5.5 MEDIUM· v3
N/A· v2
In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: fix narrowing conversion in acpi_nfit_ctl Syzkaller has reported a warning in to_nfit_bus_uuid(): "only secondary bus families can be tran...Show more
In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: fix narrowing conversion in acpi_nfit_ctl Syzkaller has reported a warning in to_nfit_bus_uuid(): "only secondary bus families can be translated". This warning is emited if the argument is equal to NVDIMM_BUS_FAMILY_NFIT == 0. Function acpi_nfit_ctl() first verifies that a user-provided value call_pkg->nd_family of type u64 is not equal to 0. Then the value is converted to int, and only after that is compared to NVDIMM_BUS_FAMILY_MAX. This can lead to passing an invalid argument to acpi_nfit_ctl(), if call_pkg->nd_family is non-zero, while the lower 32 bits are zero. Furthermore, it is best to return EINVAL immediately upon seeing the invalid user input. The WARNING is insufficient to prevent further undefined behavior based on other invalid user input. All checks of the input value should be applied to the original variable call_pkg->nd_family. [iweiny: update commit message]Show less
1Qualcomm
6Fastconnect 6900 Firmware
Fastconnect 7800 FirmwareSnapdragon 8 Gen 1 Mobile Platform Firmware+3 more
Jun 17, 2026
Apr 7, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Memory corruption while processing IOCTL calls.
-
-
Jun 30, 2026
Mar 15, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
A flaw was found in Keylime, a remote attestation solution, where strict type checking introduced in version 7.12.0 prevents the registrar from reading database entries created by previous versions, for example, 7.11.0....Show more
A flaw was found in Keylime, a remote attestation solution, where strict type checking introduced in version 7.12.0 prevents the registrar from reading database entries created by previous versions, for example, 7.11.0. Specifically, older versions store agent registration data as bytes, whereas the updated registrar expects str. This issue leads to an exception when processing agent registration requests, causing the agent to fail.Show less
1Mattermost
1Mattermost Mobile
Jun 17, 2026
Jan 16, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the mobile via crafted malicious input.