CWE-704
272 CVEs • Abstraction: Class
Incorrect Type Conversion or Cast
The product does not correctly convert an object, resource, or structure from one type to a different type.
CVEs (272)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Huawei 4Agassi L09hn Firmware Agassi W09hn FirmwareKobe L09ahn Firmware+1 moreMay 13, 2026 Nov 22, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. The program initializes a variable using one type, but it later accesses that var...Show more |
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. |
2Adobe Redhat5Enterprise Linux Enterprise Linux DesktopEnterprise Linux Workstation+2 moreMay 13, 2026 Aug 11, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution. |
1Adobe 5Acrobat Acrobat DcAcrobat Reader+2 moreMay 13, 2026 Aug 11, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. Successful exploi...Show more |
1Adobe 5Acrobat Acrobat DcAcrobat Reader+2 moreMay 13, 2026 Aug 11, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the annotation functionality. Successful...Show more |
10Canonical DebianFedoraproject+7 more18Debian Linux Enterprise Linux DesktopEnterprise Linux Hpc Node+15 moreMay 13, 2026 Jul 21, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a craft...Show more |
1Autotrace Project 1Autotrace May 13, 2026 May 23, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:309:7. |
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser. |
readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a c...Show more |
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first req...Show more |
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls...Show more |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreMedia External Displays" component. It allows local users to gain privileges o...Show more |
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial o...Show more |
1Adobe 4Acrobat Acrobat DcAcrobat Reader Dc+1 moreMay 6, 2026 Jan 11, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable type confusion vulnerability in the XSLT engine related to localization functionality. Successful...Show more |
The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect...Show more |
2Adobe Redhat5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+2 moreMay 6, 2026 Nov 8, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. |
2Adobe Redhat5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+2 moreMay 6, 2026 Nov 8, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. |
2Adobe Redhat5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+2 moreMay 6, 2026 Nov 8, 2016 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. |
WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709. |
WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4710. |