CWE-704
Allowed-with-ReviewIncorrect Type Conversion or Cast
Abstraction: Class · Status: Incomplete
The product does not correctly convert an object, resource, or structure from one type to a different type.
334 vulnerabilities reference this CWE, most recent first.
GHSA-M22M-C5XC-V6JQ
Vulnerability from github – Published: 2022-05-14 03:55 – Updated: 2025-04-20 03:36The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.
{
"affected": [],
"aliases": [
"CVE-2016-8602"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-14T18:59:00Z",
"severity": "HIGH"
},
"details": "The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.",
"id": "GHSA-m22m-c5xc-v6jq",
"modified": "2025-04-20T03:36:09Z",
"published": "2022-05-14T03:55:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8602"
},
{
"type": "WEB",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697203"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383940"
},
{
"type": "WEB",
"url": "https://ghostscript.com/doc/9.21/History9.htm"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201702-31"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=f5c7555c303"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=f5c7555c303"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0013.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0014.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3691"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/10/11/5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/10/11/7"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95311"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M3CF-54JV-7MMJ
Vulnerability from github – Published: 2026-05-20 00:31 – Updated: 2026-05-20 15:35Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by exploiting incorrect hexadecimal field parsing when values contain an odd number of characters. Attackers can obtain signatures on truncated or misinterpreted message values to authorize unintended blockchain transactions, such as asset transfers at incorrect amounts.
{
"affected": [],
"aliases": [
"CVE-2023-7345"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-19T22:16:35Z",
"severity": "MODERATE"
},
"details": "Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by exploiting incorrect hexadecimal field parsing when values contain an odd number of characters. Attackers can obtain signatures on truncated or misinterpreted message values to authorize unintended blockchain transactions, such as asset transfers at incorrect amounts.",
"id": "GHSA-m3cf-54jv-7mmj",
"modified": "2026-05-20T15:35:25Z",
"published": "2026-05-20T00:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7345"
},
{
"type": "WEB",
"url": "https://donjon.ledger.com/lsb/020"
},
{
"type": "WEB",
"url": "https://www.ledger.com/security-bulletin"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/ledger-live-hw-app-eth-eip-712-message-parsing-integer-truncation"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-M673-JRM2-Q2FH
Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2022-05-13 01:02An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory disclosure, and possibly to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
{
"affected": [],
"aliases": [
"CVE-2018-3843"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-19T19:29:00Z",
"severity": "HIGH"
},
"details": "An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory disclosure, and possibly to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.",
"id": "GHSA-m673-jrm2-q2fh",
"modified": "2022-05-13T01:02:07Z",
"published": "2022-05-13T01:02:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3843"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0526"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103942"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040733"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M7FQ-CF8Q-35Q7
Vulnerability from github – Published: 2017-10-24 18:33 – Updated: 2023-01-23 21:21The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "crack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2013-1800"
],
"database_specific": {
"cwe_ids": [
"CWE-704",
"CWE-74"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:45:16Z",
"nvd_published_at": "2013-04-09T20:55:01Z",
"severity": "HIGH"
},
"details": "The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.",
"id": "GHSA-m7fq-cf8q-35q7",
"modified": "2023-01-23T21:21:34Z",
"published": "2017-10-24T18:33:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1800"
},
{
"type": "WEB",
"url": "https://github.com/jnunemaker/crack/commit/e3da1212a1f84a898ee3601336d1dbbf118fb5f6"
},
{
"type": "WEB",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=804721"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917236"
},
{
"type": "PACKAGE",
"url": "https://github.com/jnunemaker/crack"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/crack/CVE-2013-1800.yml"
},
{
"type": "WEB",
"url": "https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20130203232028/https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00003.html"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "crack does not properly restrict casts of string values"
}
GHSA-M7HM-VM4X-28JF
Vulnerability from github – Published: 2026-05-04 21:25 – Updated: 2026-05-13 13:42DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as *rsa.PublicKey without checking the key type. If a repository JWKS endpoint returns a non-RSA key (e.g. EC), the unchecked assertion panics and crashes apko. This affects any workflow that initializes the APK database and fetches repository keys. Affected versions <= 0.30.34.
Fix: No fix available yet.
Acknowledgements
apko thanks Oleh Konko from 1seal for discovering and reporting this issue.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "chainguard.dev/apko"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42576"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-04T21:25:30Z",
"nvd_published_at": "2026-05-09T20:16:29Z",
"severity": "MODERATE"
},
"details": "`DiscoverKeys` in `pkg/apk/apk/implementation.go` unconditionally type-asserts JWKS keys as `*rsa.PublicKey` without checking the key type. If a repository JWKS endpoint returns a non-RSA key (e.g. EC), the unchecked assertion panics and crashes apko. This affects any workflow that initializes the APK database and fetches repository keys. Affected versions \u003c= 0.30.34.\n\n**Fix:** No fix available yet.\n\n**Acknowledgements**\n\napko thanks Oleh Konko from [1seal](https://1seal.org/) for discovering and reporting this issue.",
"id": "GHSA-m7hm-vm4x-28jf",
"modified": "2026-05-13T13:42:36Z",
"published": "2026-05-04T21:25:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/chainguard-dev/apko/security/advisories/GHSA-m7hm-vm4x-28jf"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42576"
},
{
"type": "WEB",
"url": "https://github.com/chainguard-dev/apko/commit/6604826b19e36e9bc6e196592800fad93738f4a1"
},
{
"type": "PACKAGE",
"url": "https://github.com/chainguard-dev/apko"
},
{
"type": "WEB",
"url": "https://github.com/chainguard-dev/apko/releases/tag/v1.2.7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "apko `DiscoverKeys` has a panic on non-rsa jwks key that causes crash during key discovery"
}
GHSA-M9PX-QR6P-43CQ
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6362.
{
"affected": [],
"aliases": [
"CVE-2018-14313"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-31T20:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6362.",
"id": "GHSA-m9px-qr6p-43cq",
"modified": "2022-05-13T01:34:33Z",
"published": "2022-05-13T01:34:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14313"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-773"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MMC9-PWM7-QJ5W
Vulnerability from github – Published: 2021-08-25 20:56 – Updated: 2021-08-18 20:45Impact
Affected versions of this crate violated alignment when casting byte slices to integer slices, resulting in undefined behavior. rand_core::BlockRng::next_u64 and rand_core::BlockRng::fill_bytes are affected.
Patches
The flaw was corrected by Ralf Jung and Diggory Hardy for rand_core >= 0.4.2.
Workarounds
None.
References
See Rand's changelog.
For more information
If you have any questions or comments about this advisory, open an issue in the Rand repository.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "rand_core"
},
"ranges": [
{
"events": [
{
"introduced": "0.4.0"
},
{
"fixed": "0.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "rand_core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-25576"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-18T20:45:24Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "### Impact\nAffected versions of this crate violated alignment when casting byte slices to integer slices, resulting in undefined behavior. `rand_core::BlockRng::next_u64` and `rand_core::BlockRng::fill_bytes` are affected.\n\n### Patches\nThe flaw was corrected by Ralf Jung and Diggory Hardy for `rand_core \u003e= 0.4.2`.\n\n### Workarounds\nNone.\n\n### References\nSee [Rand\u0027s changelog](https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06).\n\n### For more information\nIf you have any questions or comments about this advisory, [open an issue in the Rand repository](https://github.com/rust-random/rand/issues/new/choose).\n\n",
"id": "GHSA-mmc9-pwm7-qj5w",
"modified": "2021-08-18T20:45:24Z",
"published": "2021-08-25T20:56:50Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rust-random/rand/security/advisories/GHSA-mmc9-pwm7-qj5w"
},
{
"type": "PACKAGE",
"url": "https://github.com/rust-random/rand"
},
{
"type": "WEB",
"url": "https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2019-0035.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Unaligned memory access in rand_core"
}
GHSA-MPG9-JGGG-WW84
Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
{
"affected": [],
"aliases": [
"CVE-2018-19019"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-22T20:29:00Z",
"severity": "HIGH"
},
"details": "A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.",
"id": "GHSA-mpg9-jggg-ww84",
"modified": "2022-05-13T01:33:36Z",
"published": "2022-05-13T01:33:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19019"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106654"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MW6J-C5J9-XC24
Vulnerability from github – Published: 2022-06-17 00:01 – Updated: 2022-07-01 00:01In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
{
"affected": [],
"aliases": [
"CVE-2022-32547"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-16T18:15:00Z",
"severity": "HIGH"
},
"details": "In ImageMagick, there is load of misaligned address for type \u0027double\u0027, which requires 8 byte alignment and for type \u0027float\u0027, which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.",
"id": "GHSA-mw6j-c5j9-xc24",
"modified": "2022-07-01T00:01:08Z",
"published": "2022-06-17T00:01:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32547"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/eac8ce4d873f28bb6a46aa3a662fb196b49b95d0"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091813"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MW7Q-F9W6-RQM8
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the submitForm method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6039.
{
"affected": [],
"aliases": [
"CVE-2018-14276"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-31T20:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the submitForm method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6039.",
"id": "GHSA-mw7q-f9w6-rqm8",
"modified": "2022-05-13T01:34:37Z",
"published": "2022-05-13T01:34:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14276"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-736"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.