CWE-704— Incorrect Type Conversion or Cast
233 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-704page 1 of 5
- CVE-2010-1822HIGHCVSS 8.8EG 8.82010-10-04
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial…
- CVE-2010-20115CRITICALCVSS 9.3EG 0.02025-08-21
Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsi…
- CVE-2011-0482NONECVSS 0.0EG 0.02011-01-14
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified…
- CVE-2011-0483NONECVSS 0.0EG 0.02011-01-14
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly have unspecified o…
- CVE-2011-1200NONECVSS 0.0EG 0.02011-03-11
Google Chrome before 10.0.648.127 does not properly perform a cast of an unspecified variable during text rendering, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
- CVE-2011-1441NONECVSS 0.0EG 0.02011-05-03
Google Chrome before 11.0.696.57 does not properly perform a cast of an unspecified variable during handling of floating select lists, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a c…
- CVE-2011-1460CRITICALCVSS 9.8EG 9.82019-11-05
WebKit in Google Chrome before Blink M11 contains a bad cast to RenderBlock when anonymous blocks are renderblocks.
- CVE-2011-1799NONECVSS 0.0EG 0.02011-05-16
Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vecto…
- CVE-2011-1805HIGHCVSS 8.8EG 8.82020-06-03
Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2011-2337CRITICALCVSS 9.8EG 9.82019-11-07
A wrong type is used for a return value from strlen in WebKit in Google Chrome before Blink M12 on 64-bit platforms.
- CVE-2011-3027NONECVSS 0.0EG 0.02012-02-16
Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted documen…
- CVE-2011-3036NONECVSS 0.0EG 0.02012-03-05
Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted docu…
- CVE-2011-3037NONECVSS 0.0EG 0.02012-03-05
Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a craf…
- CVE-2014-9627HIGHCVSS 7.8EG 7.82020-01-24
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of serv…
- CVE-2016-7398CRITICALCVSS 9.8EG 9.82019-09-06
A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbi…
- CVE-2017-0037HIGHCVSS 8.1EG 9.0⚠ KEV2017-02-26
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary …
- CVE-2017-13888HIGHCVSS 7.5EG 7.52019-01-11
In iOS before 11.2, a type confusion issue was addressed with improved memory handling.
- CVE-2017-15413HIGHCVSS 8.8EG 8.82018-08-28
Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2017-16745HIGHCVSS 7.8EG 7.82018-03-15
A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type ('type confusion') vulnerability may allow an attacker to exec…
- CVE-2017-7813HIGHCVSS 8.2EG 8.22018-06-11
Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory i…
- CVE-2017-8291HIGHCVSS 7.8EG 9.0⚠ KEV2017-04-27
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in t…
- CVE-2018-10495HIGHCVSS 8.8EG 8.82018-05-17
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open…
- CVE-2018-11623HIGHCVSS 8.8EG 8.82018-07-31
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
- CVE-2018-12386HIGHCVSS 8.1EG 8.12018-10-18
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects …
- CVE-2018-12453HIGHCVSS 7.5EG 7.52018-06-16
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.
- CVE-2018-12793MEDIUMCVSS 6.5EG 6.52018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of …
- CVE-2018-12794HIGHCVSS 8.8EG 8.82018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of …
- CVE-2018-12812CRITICALCVSS 9.8EG 9.82018-07-20
Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of …
- CVE-2018-12835HIGHCVSS 7.8EG 7.82018-10-12
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
- CVE-2018-12858HIGHCVSS 7.8EG 7.82018-10-12
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
- CVE-2018-12876HIGHCVSS 7.8EG 7.82018-10-12
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
- CVE-2018-14241HIGHCVSS 8.8EG 8.82018-07-31
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
- CVE-2018-14242HIGHCVSS 8.8EG 8.82018-07-31
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
- CVE-2018-14243HIGHCVSS 8.8EG 8.82018-07-31
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
- CVE-2018-14244HIGHCVSS 8.8EG 8.82018-07-31
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
- CVE-2018-14245HIGHCVSS 8.8EG 8.82018-07-31
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
- CVE-2018-14246HIGHCVSS 8.8EG 8.82018-07-31
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
- CVE-2018-14247HIGHCVSS 8.8EG 8.82018-07-31
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
- CVE-2018-14248HIGHCVSS 8.8EG 8.82018-07-31
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
- CVE-2018-14249HIGHCVSS 8.8EG 8.82018-07-31
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
- CVE-2018-14250HIGHCVSS 8.8EG 8.82018-07-31
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
- CVE-2018-14251HIGHCVSS 8.8EG 8.82018-07-31
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
- CVE-2018-14252HIGHCVSS 8.8EG 8.82018-07-31
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
- CVE-2018-14253HIGHCVSS 8.8EG 8.82018-07-31
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
- CVE-2018-14254HIGHCVSS 8.8EG 8.82018-07-31
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
- CVE-2018-14255HIGHCVSS 8.8EG 8.82018-07-31
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
- CVE-2018-14256HIGHCVSS 8.8EG 8.82018-07-31
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
- CVE-2018-14257HIGHCVSS 8.8EG 8.82018-07-31
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
- CVE-2018-14258HIGHCVSS 8.8EG 8.82018-07-31
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
- CVE-2018-14259HIGHCVSS 8.8EG 8.82018-07-31
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
Map vulnerabilities like CWE-704 to your infrastructure
EchelonGraph correlates every CVE — across CWE-704 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →