CWE-704
Allowed-with-ReviewIncorrect Type Conversion or Cast
Abstraction: Class · Status: Incomplete
The product does not correctly convert an object, resource, or structure from one type to a different type.
334 vulnerabilities reference this CWE, most recent first.
GHSA-XPG5-JV85-754H
Vulnerability from github – Published: 2022-05-17 00:22 – Updated: 2025-10-22 00:31Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.
{
"affected": [],
"aliases": [
"CVE-2017-0037"
],
"database_specific": {
"cwe_ids": [
"CWE-704",
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-26T23:59:00Z",
"severity": "HIGH"
},
"details": "Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.",
"id": "GHSA-xpg5-jv85-754h",
"modified": "2025-10-22T00:31:18Z",
"published": "2022-05-17T00:22:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0037"
},
{
"type": "WEB",
"url": "https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1011"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0037"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0037"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/41454"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/42354"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/43125"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96088"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037905"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037906"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XQGG-8QQR-CMPG
Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2024-03-21 03:33snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner typo, which is mishandled in the private_size*count multiplication.
{
"affected": [],
"aliases": [
"CVE-2020-11725"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-12T22:15:00Z",
"severity": "MODERATE"
},
"details": "snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info-\u003eowner typo, which is mishandled in the private_size*count multiplication.",
"id": "GHSA-xqgg-8qqr-cmpg",
"modified": "2024-03-21T03:33:55Z",
"published": "2022-05-24T17:14:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11725"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/blob/3b2549a3740efb8af0150415737067d87e466c5b/sound/core/control.c#L1434-L1474"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/alsa-devel/s5h4ktmlfpx.wl-tiwai%40suse.de"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/alsa-devel/s5h4ktmlfpx.wl-tiwai@suse.de"
},
{
"type": "WEB",
"url": "https://twitter.com/yabbadabbadrew/status/1248632267028582400"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XV6G-M8C4-67FR
Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
{
"affected": [],
"aliases": [
"CVE-2011-3037"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-03-05T19:55:00Z",
"severity": "MODERATE"
},
"details": "Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.",
"id": "GHSA-xv6g-m8c4-67fr",
"modified": "2022-05-13T01:27:17Z",
"published": "2022-05-13T01:27:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3037"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73648"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14397"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=113439"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=114924"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=115028"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html"
},
{
"type": "WEB",
"url": "http://osvdb.org/79796"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48265"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48419"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48527"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-201203-19.xml"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5400"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5485"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5503"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/52271"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1026759"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XVMR-XJ68-H5HR
Vulnerability from github – Published: 2022-05-17 00:15 – Updated: 2022-05-17 00:15An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability. The vulnerability leads to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads or writes -- potentially leading to code corruption, control-flow hijack, or an information leak attack.
{
"affected": [],
"aliases": [
"CVE-2017-16367"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-09T06:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability. The vulnerability leads to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads or writes -- potentially leading to code corruption, control-flow hijack, or an information leak attack.",
"id": "GHSA-xvmr-xj68-h5hr",
"modified": "2022-05-17T00:15:12Z",
"published": "2022-05-17T00:15:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16367"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101815"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039791"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.