VYPR

CWE-758

Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

ClassIncomplete

Description

The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.

This can lead to resultant weaknesses when the required properties change, such as when the product is ported to a different platform or if an interaction error (CWE-435) occurs.

Hierarchy (View 1000)

CVEs mapped to this weakness (14)

  • CVE-2026-4705CriMar 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4724CriMar 24, 2026
    risk 0.59cvss 9.1epss 0.00

    Undefined behavior in the Audio/Video component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

  • CVE-2026-4718HigMar 24, 2026
    risk 0.53cvss 8.1epss 0.00

    Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2025-54811HigOct 1, 2025
    risk 0.46cvss 7.1epss 0.00

    OpenPLC_V3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the…

  • CVE-2026-34549MedMar 31, 2026
    risk 0.33cvss 6.2epss 0.00

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in IccUtil.cpp triggered by a crafted input profile. Under UndefinedBehaviorSanitizer, the issue is reported as…

  • CVE-2026-34547MedMar 31, 2026
    risk 0.33cvss 6.2epss 0.00

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, an Undefined Behavior (UB) condition in IccUtil.cpp can be triggered by a crafted ICC profile when running iccDumpProfile. This issue has been patched in…

  • CVE-2026-34537MedMar 31, 2026
    risk 0.33cvss 6.2epss 0.00

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccOpDefEnvVar::Exec() due to invalid enum values being loaded for icSigCmmEnvVar. The issue is…

  • CVE-2026-34533MedMar 31, 2026
    risk 0.33cvss 6.2epss 0.00

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccCalculatorFunc::ApplySequence() due to invalid enum values being loaded for…

  • CVE-2026-40279LowApr 21, 2026
    risk 0.24cvss 3.7epss 0.00

    BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode_signed32() in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four bytes has bit 7 set (value ≥…

  • CVE-2026-28528MedMar 30, 2026
    risk 0.23cvss 4.6epss 0.00

    BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GET_FOLDER_ITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit…

  • CVE-2024-58350LowJun 10, 2026
    risk 0.19cvss 2.9epss 0.00

    Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during…

  • CVE-2025-55160Aug 13, 2025
    risk 0.00cvss epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in…

  • CVE-2023-30624Apr 27, 2023
    risk 0.00cvss epss 0.00

    Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-level…

  • CVE-2020-36433Aug 8, 2021
    risk 0.00cvss epss 0.01

    An issue was discovered in the chunky crate through 2020-08-25 for Rust. The Chunk API does not honor an alignment requirement.