CWE-704
Incorrect Type Conversion or Cast
ClassIncomplete
Description
The product does not correctly convert an object, resource, or structure from one type to a different type.
Hierarchy (View 1000)
CVEs mapped to this weakness (16)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2010-20115 | Cri | 0.68 | — | 0.54 | Aug 21, 2025 | Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsing, allowing an attacker to manipulate stack memory and potentially execute arbitrary code. Exploitation requires direct access to the FTP service and is constrained by a single execution attempt if the daemon is installed as a Windows service. | |
| CVE-2025-41648 | Cri | 0.64 | 9.8 | 0.00 | Jul 1, 2025 | An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI. | |
| CVE-2010-1822 | Hig | 0.58 | 8.8 | 0.04 | Oct 4, 2010 | WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document. | |
| CVE-2024-35303 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2024 | A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0012), Tecnomatix Plant Simulation V2404 (All versions < V2404.0001). The affected applications contain a type confusion vulnerability while parsing specially crafted MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22958) | |
| CVE-2026-40613 | Hig | 0.49 | 7.5 | 0.00 | Apr 21, 2026 | Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN attribute parsing functions in coturn perform unsafe pointer casts from uint8_t * to uint16_t * without alignment checks. When processing a crafted STUN message with odd-aligned attribute boundaries, this results in misaligned memory reads at ns_turn_msg.c. On ARM64 architectures (AArch64) with strict alignment enforcement, this causes a SIGBUS signal that immediately kills the turnserver process. An unauthenticated remote attacker can crash any ARM64 coturn deployment by sending a single crafted UDP packet. This vulnerability is fixed in 4.10.0. | |
| CVE-2026-34379 | Hig | 0.46 | 7.1 | 0.00 | Apr 6, 2026 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoder_execute() in src/lib/OpenEXRCore/internal_dwa_decoder.h:749. When decoding a DWA or DWAB-compressed EXR file containing a FLOAT-type channel, the decoder performs an in-place HALF→FLOAT conversion by casting an unaligned uint8_t * row pointer to float * and writing through it. Because the row buffer may not be 4-byte aligned, this constitutes undefined behavior under the C standard and crashes immediately on architectures that enforce alignment (ARM, RISC-V, etc.). On x86 it is silently tolerated at runtime but remains exploitable via compiler optimizations that assume aligned access. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9. | |
| CVE-2025-54429 | Med | 0.45 | — | 0.00 | Jul 28, 2025 | Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for safety. For precompiles to be callable by smart contracts they must be explicitly configured as CallableByContract. If this configuration is absent, then the precompile should be unreachable via smart contract accounts. In commits prior to 0822030, the underlying implementation of CallableByContract which returned the AddressType was incorrect. It considered the contract address running under CREATE or CREATE2 to be AddressType::EOA rather than correctly as AddressType::Contract. The issue only affects users who use custom precompile implementations that utilize AddressType::EOA and AddressType::Contract. It's not directly exploitable in any of the predefined precompiles in Frontier. This is fixed in version 0822030. | |
| CVE-2025-1057 | Med | 0.21 | 4.3 | 0.00 | Mar 15, 2025 | A flaw was found in Keylime, a remote attestation solution, where strict type checking introduced in version 7.12.0 prevents the registrar from reading database entries created by previous versions, for example, 7.11.0. Specifically, older versions store agent registration data as bytes, whereas the updated registrar expects str. This issue leads to an exception when processing agent registration requests, causing the agent to fail. | |
| CVE-2011-3037 | 0.00 | — | 0.03 | Mar 5, 2012 | Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | ||
| CVE-2011-3036 | 0.00 | — | 0.03 | Mar 5, 2012 | Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | ||
| CVE-2011-3027 | 0.00 | — | 0.02 | Feb 16, 2012 | Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | ||
| CVE-2011-1799 | 0.00 | — | 0.01 | May 16, 2011 | Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| CVE-2011-1441 | 0.00 | — | 0.01 | May 3, 2011 | Google Chrome before 11.0.696.57 does not properly perform a cast of an unspecified variable during handling of floating select lists, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document. | ||
| CVE-2011-1200 | 0.00 | — | 0.01 | Mar 11, 2011 | Google Chrome before 10.0.648.127 does not properly perform a cast of an unspecified variable during text rendering, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | ||
| CVE-2011-0483 | 0.00 | — | 0.02 | Jan 14, 2011 | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| CVE-2011-0482 | 0.00 | — | 0.03 | Jan 14, 2011 | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document. |