CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
GHSA-FMMJ-2F3W-98J5
Vulnerability from github – Published: 2024-07-30 00:34 – Updated: 2026-04-02 21:31A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An attacker may be able to cause unexpected app termination.
{
"affected": [],
"aliases": [
"CVE-2024-40803"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-29T23:15:12Z",
"severity": "HIGH"
},
"details": "A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An attacker may be able to cause unexpected app termination.",
"id": "GHSA-fmmj-2f3w-98j5",
"modified": "2026-04-02T21:31:50Z",
"published": "2024-07-30T00:34:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40803"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120910"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120911"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120912"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214118"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214119"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214120"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214118"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214119"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214120"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/18"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/19"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/20"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FP55-JW48-C537
Vulnerability from github – Published: 2026-05-06 17:26 – Updated: 2026-05-06 17:26Impact
Versions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected files onto a victim's filesystem.
See GHSA-j5gw-2vrg-8fgx for a similar desynchronization bug in astral-tokio-tar.
Patches
Versions 0.6.1 and newer of astral-tokio-tar address this differential.
Workarounds
Users are advised to upgrade to version 0.6.1 or newer to address this advisory.
There is no workaround other than upgrading. Users should experience no breaking changes as a result of the upgrade.
Resources
- GHSA-j5gw-2vrg-8fgx is a similar PAX desynchronization bug
Attribution
- Reporter: Adam Harvey (@lawngnome)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.6.0"
},
"package": {
"ecosystem": "crates.io",
"name": "astral-tokio-tar"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-06T17:26:12Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\n\nVersions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected files onto a victim\u0027s filesystem.\n\nSee GHSA-j5gw-2vrg-8fgx for a similar desynchronization bug in astral-tokio-tar.\n\n### Patches\n\nVersions 0.6.1 and newer of astral-tokio-tar address this differential.\n\n### Workarounds\n\nUsers are advised to upgrade to version 0.6.1 or newer to address this advisory.\n\nThere is no workaround other than upgrading. Users should experience no breaking changes as a result of the upgrade.\n\n### Resources\n\n- GHSA-j5gw-2vrg-8fgx is a similar PAX desynchronization bug\n\n### Attribution\n\n- Reporter: Adam Harvey (@lawngnome)",
"id": "GHSA-fp55-jw48-c537",
"modified": "2026-05-06T17:26:12Z",
"published": "2026-05-06T17:26:12Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/astral-sh/tokio-tar/security/advisories/GHSA-fp55-jw48-c537"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-fp55-jw48-c537"
},
{
"type": "PACKAGE",
"url": "https://github.com/astral-sh/tokio-tar"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2026-0112.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "astral-tokio-tar is Vulnerable to PAX Header Desynchronization"
}
GHSA-FQ78-VHJ2-947Q
Vulnerability from github – Published: 2024-06-13 21:30 – Updated: 2024-07-11 15:30In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2024-32892"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-13T21:15:53Z",
"severity": "HIGH"
},
"details": "In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-fq78-vhj2-947q",
"modified": "2024-07-11T15:30:42Z",
"published": "2024-06-13T21:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32892"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FQG5-7RJV-45WH
Vulnerability from github – Published: 2023-12-29 06:30 – Updated: 2025-04-17 21:30Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.
{
"affected": [],
"aliases": [
"CVE-2023-23443"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-29T04:15:08Z",
"severity": "MODERATE"
},
"details": "Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.",
"id": "GHSA-fqg5-7rjv-45wh",
"modified": "2025-04-17T21:30:38Z",
"published": "2023-12-29T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23443"
},
{
"type": "WEB",
"url": "https://www.hihonor.com/global/security/cve-2023-23443"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-FQRQ-3G7C-CHVF
Vulnerability from github – Published: 2023-03-08 00:30 – Updated: 2023-03-10 21:30Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)
{
"affected": [],
"aliases": [
"CVE-2023-1235"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-07T22:15:00Z",
"severity": "MODERATE"
},
"details": "Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)",
"id": "GHSA-fqrq-3g7c-chvf",
"modified": "2023-03-10T21:30:23Z",
"published": "2023-03-08T00:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1235"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1404704"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-FQW6-GF59-QR4W
Vulnerability from github – Published: 2026-05-21 21:40 – Updated: 2026-05-21 21:40Impact
A bug was found in containerd where containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. If a crafted image provides an /etc/passwd file mapping this large numeric string to root, the container ultimately runs as root (UID 0). This allows the Kubernetes runAsNonRoot restriction to be bypassed, causing unexpected behavior for environments that require containers to run as a non-root user.
Patches
This bug has been fixed in the following containerd versions:
- 2.3.1
- 2.2.4
- 2.0.9
- 1.7.32
Note: The containerd 2.1 release has reached its end of life and a fixed version is not provided.
Users should update to these versions to resolve the issue.
Workarounds
Ensure that only trusted images are used and that only trusted users have permissions to import images. Alternatively, enforcing a specific numeric runAsUser in the Kubernetes Pod securityContext overrides the USER directive in the image and prevents the bypass. Newer versions of Kubernetes, starting with 1.34, also appear to enforce runAsNonRoot properly regardless of this bug.
Credits
The containerd project would like to thank Lei Wang (@ssst0n3) for responsibly disclosing this issue in accordance with the containerd security policy.
Resources
- https://github.com/advisories/GHSA-265r-hfxg-fhmg (CVE-2024-40635)
For more information
If there are any questions or comments about this advisory:
- Open an issue in containerd
- Send an email to security@containerd.io
To report a security issue in containerd: * Report a new vulnerability * Send an email to security@containerd.io
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/containerd/containerd"
},
"ranges": [
{
"events": [
{
"introduced": "1.7.27"
},
{
"fixed": "1.7.32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/containerd/containerd/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.4"
},
{
"fixed": "2.0.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/containerd/containerd/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0-beta.0"
},
{
"fixed": "2.2.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/containerd/containerd/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0-beta.0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-46680"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-21T21:40:36Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Impact\nA bug was found in containerd where containers launched with a numeric `User` directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. If a crafted image provides an `/etc/passwd` file mapping this large numeric string to root, the container ultimately runs as root (UID 0). This allows the Kubernetes `runAsNonRoot` restriction to be bypassed, causing unexpected behavior for environments that require containers to run as a non-root user.\n\n### Patches\nThis bug has been fixed in the following containerd versions:\n\n* 2.3.1\n* 2.2.4\n* 2.0.9\n* 1.7.32\n\nNote: The containerd 2.1 release has reached its [end of life](https://containerd.io/releases/#current-state-of-containerd-releases) and a fixed version is not provided.\n\nUsers should update to these versions to resolve the issue.\n\n### Workarounds\nEnsure that only trusted images are used and that only trusted users have permissions to import images. Alternatively, enforcing a specific numeric `runAsUser` in the Kubernetes Pod `securityContext` overrides the `USER` directive in the image and prevents the bypass. Newer versions of Kubernetes, starting with 1.34, also appear to enforce `runAsNonRoot` properly regardless of this bug.\n\n### Credits\nThe containerd project would like to thank Lei Wang (@ssst0n3) for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md).\n\n### Resources\n* https://github.com/advisories/GHSA-265r-hfxg-fhmg (CVE-2024-40635)\n\n### For more information\n\nIf there are any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Send an email to [security@containerd.io](mailto:security@containerd.io)\n\nTo report a security issue in containerd:\n* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)\n* Send an email to [security@containerd.io](mailto:security@containerd.io)",
"id": "GHSA-fqw6-gf59-qr4w",
"modified": "2026-05-21T21:40:36Z",
"published": "2026-05-21T21:40:36Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w"
},
{
"type": "PACKAGE",
"url": "https://github.com/containerd/containerd"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "containerd user ID handling bypass allows runAsNonRoot evasion"
}
GHSA-FRFJ-PQ73-R9P5
Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-05 03:31Type Confusion in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2026-11076"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-04T23:17:12Z",
"severity": "HIGH"
},
"details": "Type Confusion in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-frfj-pq73-r9p5",
"modified": "2026-06-05T03:31:33Z",
"published": "2026-06-05T00:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11076"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/499784386"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FV7C-FP4J-7GWP
Vulnerability from github – Published: 2026-05-08 20:34 – Updated: 2026-06-08 23:28Impact
Using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code.
Known affected plugins are:
- @babel/plugin-transform-modules-systemjs
- @babel/preset-env when using the modules: "systemjs" option, as it delegates to @babel/plugin-transform-modules-systemjs
No other plugins under the @babel namespace are impacted.
Users that only compile trusted code are not impacted.
Patches
The vulnerability has been fixed in @babel/plugin-transform-modules-systemjs@7.29.4.
Babel also released @babel/preset-env@7.29.5, updating its @babel/plugin-transform-modules-systemjs dependency, to simplify forcing the update if you are using @babel/preset-env directly.
Workarounds
- Pin
@babel/parserto v7.11.5. The downgrade will completely disable string module name parsing, but it would also disable other new language features and the build pipeline may fail as a result. Only do so if you are working on a legacy codebase and can not upgrade@babel/plugin-transform-modules-systemjsto v7.29.4. - Do not use the
modules: "systemjs"option, migrate the codebase to native ES Modules or any other module formats.
Credits
Babel thanks Daniel Cervera for reporting the vulnerability.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 7.29.3"
},
"package": {
"ecosystem": "npm",
"name": "@babel/plugin-transform-modules-systemjs"
},
"ranges": [
{
"events": [
{
"introduced": "7.12.0"
},
{
"fixed": "7.29.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.0.0-alpha.12"
},
"package": {
"ecosystem": "npm",
"name": "@babel/plugin-transform-modules-systemjs"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0-alpha.0"
},
{
"fixed": "8.0.0-alpha.13"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44728"
],
"database_specific": {
"cwe_ids": [
"CWE-843",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-08T20:34:07Z",
"nvd_published_at": "2026-05-26T18:16:50Z",
"severity": "HIGH"
},
"details": "### Impact\n\nUsing Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code.\n\nKnown affected plugins are:\n- `@babel/plugin-transform-modules-systemjs`\n- `@babel/preset-env` when using the [`modules: \"systemjs\"` option](https://babel.dev/docs/babel-preset-env#modules), as it delegates to `@babel/plugin-transform-modules-systemjs`\n\nNo other plugins under the `@babel` namespace are impacted.\n\n**Users that only compile trusted code are not impacted.**\n\n### Patches\n\nThe vulnerability has been fixed in `@babel/plugin-transform-modules-systemjs@7.29.4`.\n\nBabel also released `@babel/preset-env@7.29.5`, updating its `@babel/plugin-transform-modules-systemjs` dependency, to simplify forcing the update if you are using `@babel/preset-env` directly.\n\n### Workarounds\n\n- Pin `@babel/parser` to v7.11.5. The downgrade will completely disable string module name parsing, but it would also disable other new language features and the build pipeline may fail as a result. Only do so if you are working on a legacy codebase and can not upgrade `@babel/plugin-transform-modules-systemjs` to v7.29.4.\n- Do not use the `modules: \"systemjs\"` option, migrate the codebase to native ES Modules or any other module formats.\n\n### Credits\nBabel thanks Daniel Cervera for reporting the vulnerability.",
"id": "GHSA-fv7c-fp4j-7gwp",
"modified": "2026-06-08T23:28:08Z",
"published": "2026-05-08T20:34:07Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/babel/babel/security/advisories/GHSA-fv7c-fp4j-7gwp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44728"
},
{
"type": "PACKAGE",
"url": "https://github.com/babel/babel"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "@babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input"
}
GHSA-FVX3-7348-92QJ
Vulnerability from github – Published: 2025-11-18 00:30 – Updated: 2026-07-14 15:31Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2025-13223"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-17T23:15:45Z",
"severity": "HIGH"
},
"details": "Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-fvx3-7348-92qj",
"modified": "2026-07-14T15:31:28Z",
"published": "2025-11-18T00:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13223"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-470355.html"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/460017370"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-13223"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FX24-3WFX-RXHC
Vulnerability from github – Published: 2024-05-03 03:31 – Updated: 2024-05-03 03:31PDF-XChange Editor addScript Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the implementation of the addScript method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21338.
{
"affected": [],
"aliases": [
"CVE-2023-42074"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T03:15:43Z",
"severity": "HIGH"
},
"details": "PDF-XChange Editor addScript Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the implementation of the addScript method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21338.",
"id": "GHSA-fx24-3wfx-rxhc",
"modified": "2024-05-03T03:31:01Z",
"published": "2024-05-03T03:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42074"
},
{
"type": "WEB",
"url": "https://www.tracker-software.com/support/security-bulletins.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1376"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.