← Back
CWE-704

272 CVEs • Abstraction: Class

Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

JSON object

Loading...

CVEs (272)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Techsmith
1Mp4v2
Nov 21, 2024
Jul 18, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service (memory corruption) or...Show more
MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted MP4 file, because access to the data structure has different expectations about layout as a result of this type confusion.Show less
1Adobe
2Acrobat Dc
Acrobat Reader Dc
Nov 21, 2024
Jul 9, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution...Show more
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.Show less
2Adobe
Redhat
5Enterprise Linux Desktop
Enterprise Linux ServerEnterprise Linux Workstation+2 more
Nov 21, 2024
Jul 9, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1Redislabs
1Redis
Nov 21, 2024
Jun 16, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.
1Mozilla
1Firefox
Nov 21, 2024
Jun 11, 2018
N/A· v4
8.2 HIGH· v3
6.4 MEDIUM· v2
Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of inform...Show more
Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identifier syntax. This vulnerability affects Firefox < 56.Show less
2Apple
Canonical
7Icloud
Iphone OsItunes+4 more
Nov 21, 2024
Jun 8, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is...Show more
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages type confusion.Show less
1Apple
1Mac Os X
Nov 21, 2024
Jun 8, 2018
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "ATS" component. It allows attackers to gain privileges via a crafted app that leverages type confusion.
1Foxitsoftware
2Phantompdf
Reader
Jun 17, 2026
May 24, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the t...Show more
An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when rendering U3D images inside of pdf files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process.Show less
2Adobe
Redhat
4Enterprise Linux Desktop
Enterprise Linux ServerEnterprise Linux Workstation+1 more
Nov 21, 2024
May 19, 2018
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1Foxitsoftware
2Foxit Reader
Phantompdf
Jun 17, 2026
May 17, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a mal...Show more
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the openList method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5377.Show less
1Foxitsoftware
2Foxit Reader
Phantompdf
Jun 17, 2026
May 17, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a mal...Show more
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the record remove method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5376.Show less
1Foxitsoftware
2Foxit Reader
Phantompdf
Jun 17, 2026
May 17, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a mal...Show more
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the record append method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5375.Show less
1Foxitsoftware
2Foxit Reader
Phantompdf
Jun 17, 2026
May 17, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a mal...Show more
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the layout sheet attribute. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5374.Show less
1Foxitsoftware
2Foxit Reader
Phantompdf
Jun 17, 2026
May 17, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a mal...Show more
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of layout elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5373.Show less
1Foxitsoftware
2Foxit Reader
Phantompdf
Jun 17, 2026
May 17, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a mal...Show more
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the absPageSpan method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5372.Show less
1Foxitsoftware
2Foxit Reader
Phantompdf
Jun 17, 2026
May 17, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a mal...Show more
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of subform elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5371.Show less
1Foxitsoftware
2Foxit Reader
Phantompdf
Jun 17, 2026
May 17, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a mal...Show more
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of field elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5370.Show less
1Foxitsoftware
2Foxit Reader
Phantompdf
Nov 21, 2024
May 17, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a mal...Show more
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5586.Show less
1Foxitsoftware
1Foxit Reader
Nov 21, 2024
Apr 19, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to b...Show more
An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory disclosure, and possibly to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.Show less
1Deltaww
1Delta Industrial Automation Screen Editor
Nov 21, 2024
Mar 15, 2018
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type ('type confusion') vulnerability may allow...Show more
A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type ('type confusion') vulnerability may allow an attacker to execute remote code when processing specially crafted .dpb files.Show less