Common Weakness Enumeration

CWE-843

Allowed

Access of Resource Using Incompatible Type ('Type Confusion')

Abstraction: Base · Status: Incomplete

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

1041 vulnerabilities reference this CWE, most recent first.

GHSA-FMMJ-2F3W-98J5

Vulnerability from github – Published: 2024-07-30 00:34 – Updated: 2026-04-02 21:31
VLAI
Details

A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An attacker may be able to cause unexpected app termination.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-40803"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-29T23:15:12Z",
    "severity": "HIGH"
  },
  "details": "A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An attacker may be able to cause unexpected app termination.",
  "id": "GHSA-fmmj-2f3w-98j5",
  "modified": "2026-04-02T21:31:50Z",
  "published": "2024-07-30T00:34:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40803"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/120910"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/120911"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/120912"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214118"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214119"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214120"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214118"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214119"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214120"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Jul/18"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Jul/19"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Jul/20"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FP55-JW48-C537

Vulnerability from github – Published: 2026-05-06 17:26 – Updated: 2026-05-06 17:26
VLAI
Summary
astral-tokio-tar is Vulnerable to PAX Header Desynchronization
Details

Impact

Versions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected files onto a victim's filesystem.

See GHSA-j5gw-2vrg-8fgx for a similar desynchronization bug in astral-tokio-tar.

Patches

Versions 0.6.1 and newer of astral-tokio-tar address this differential.

Workarounds

Users are advised to upgrade to version 0.6.1 or newer to address this advisory.

There is no workaround other than upgrading. Users should experience no breaking changes as a result of the upgrade.

Resources

  • GHSA-j5gw-2vrg-8fgx is a similar PAX desynchronization bug

Attribution

  • Reporter: Adam Harvey (@lawngnome)
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.6.0"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "astral-tokio-tar"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-843"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-06T17:26:12Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nVersions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected files onto a victim\u0027s filesystem.\n\nSee GHSA-j5gw-2vrg-8fgx for a similar desynchronization bug in astral-tokio-tar.\n\n### Patches\n\nVersions 0.6.1 and newer of astral-tokio-tar address this differential.\n\n### Workarounds\n\nUsers are advised to upgrade to version 0.6.1 or newer to address this advisory.\n\nThere is no workaround other than upgrading. Users should experience no breaking changes as a result of the upgrade.\n\n### Resources\n\n- GHSA-j5gw-2vrg-8fgx is a similar PAX desynchronization bug\n\n### Attribution\n\n- Reporter: Adam Harvey (@lawngnome)",
  "id": "GHSA-fp55-jw48-c537",
  "modified": "2026-05-06T17:26:12Z",
  "published": "2026-05-06T17:26:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/astral-sh/tokio-tar/security/advisories/GHSA-fp55-jw48-c537"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-fp55-jw48-c537"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/astral-sh/tokio-tar"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2026-0112.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "astral-tokio-tar is Vulnerable to PAX Header Desynchronization"
}

GHSA-FQ78-VHJ2-947Q

Vulnerability from github – Published: 2024-06-13 21:30 – Updated: 2024-07-11 15:30
VLAI
Details

In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-32892"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-13T21:15:53Z",
    "severity": "HIGH"
  },
  "details": "In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-fq78-vhj2-947q",
  "modified": "2024-07-11T15:30:42Z",
  "published": "2024-06-13T21:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32892"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2024-06-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FQG5-7RJV-45WH

Vulnerability from github – Published: 2023-12-29 06:30 – Updated: 2025-04-17 21:30
VLAI
Details

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-23443"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-29T04:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.",
  "id": "GHSA-fqg5-7rjv-45wh",
  "modified": "2025-04-17T21:30:38Z",
  "published": "2023-12-29T06:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23443"
    },
    {
      "type": "WEB",
      "url": "https://www.hihonor.com/global/security/cve-2023-23443"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FQRQ-3G7C-CHVF

Vulnerability from github – Published: 2023-03-08 00:30 – Updated: 2023-03-10 21:30
VLAI
Details

Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1235"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-07T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)",
  "id": "GHSA-fqrq-3g7c-chvf",
  "modified": "2023-03-10T21:30:23Z",
  "published": "2023-03-08T00:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1235"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1404704"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FQW6-GF59-QR4W

Vulnerability from github – Published: 2026-05-21 21:40 – Updated: 2026-05-21 21:40
VLAI
Summary
containerd user ID handling bypass allows runAsNonRoot evasion
Details

Impact

A bug was found in containerd where containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. If a crafted image provides an /etc/passwd file mapping this large numeric string to root, the container ultimately runs as root (UID 0). This allows the Kubernetes runAsNonRoot restriction to be bypassed, causing unexpected behavior for environments that require containers to run as a non-root user.

Patches

This bug has been fixed in the following containerd versions:

  • 2.3.1
  • 2.2.4
  • 2.0.9
  • 1.7.32

Note: The containerd 2.1 release has reached its end of life and a fixed version is not provided.

Users should update to these versions to resolve the issue.

Workarounds

Ensure that only trusted images are used and that only trusted users have permissions to import images. Alternatively, enforcing a specific numeric runAsUser in the Kubernetes Pod securityContext overrides the USER directive in the image and prevents the bypass. Newer versions of Kubernetes, starting with 1.34, also appear to enforce runAsNonRoot properly regardless of this bug.

Credits

The containerd project would like to thank Lei Wang (@ssst0n3) for responsibly disclosing this issue in accordance with the containerd security policy.

Resources

  • https://github.com/advisories/GHSA-265r-hfxg-fhmg (CVE-2024-40635)

For more information

If there are any questions or comments about this advisory:

To report a security issue in containerd: * Report a new vulnerability * Send an email to security@containerd.io

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/containerd/containerd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.7.27"
            },
            {
              "fixed": "1.7.32"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/containerd/containerd/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.4"
            },
            {
              "fixed": "2.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/containerd/containerd/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0-beta.0"
            },
            {
              "fixed": "2.2.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/containerd/containerd/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0-beta.0"
            },
            {
              "fixed": "2.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-46680"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-21T21:40:36Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\nA bug was found in containerd where containers launched with a numeric `User` directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. If a crafted image provides an `/etc/passwd` file mapping this large numeric string to root, the container ultimately runs as root (UID 0). This allows the Kubernetes `runAsNonRoot` restriction to be bypassed, causing unexpected behavior for environments that require containers to run as a non-root user.\n\n### Patches\nThis bug has been fixed in the following containerd versions:\n\n* 2.3.1\n* 2.2.4\n* 2.0.9\n* 1.7.32\n\nNote: The containerd 2.1 release has reached its [end of life](https://containerd.io/releases/#current-state-of-containerd-releases) and a fixed version is not provided.\n\nUsers should update to these versions to resolve the issue.\n\n### Workarounds\nEnsure that only trusted images are used and that only trusted users have permissions to import images. Alternatively, enforcing a specific numeric `runAsUser` in the Kubernetes Pod `securityContext` overrides the `USER` directive in the image and prevents the bypass. Newer versions of Kubernetes, starting with 1.34, also appear to enforce `runAsNonRoot` properly regardless of this bug.\n\n### Credits\nThe containerd project would like to thank Lei Wang (@ssst0n3) for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md).\n\n### Resources\n* https://github.com/advisories/GHSA-265r-hfxg-fhmg (CVE-2024-40635)\n\n### For more information\n\nIf there are any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Send an email to [security@containerd.io](mailto:security@containerd.io)\n\nTo report a security issue in containerd:\n* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)\n* Send an email to [security@containerd.io](mailto:security@containerd.io)",
  "id": "GHSA-fqw6-gf59-qr4w",
  "modified": "2026-05-21T21:40:36Z",
  "published": "2026-05-21T21:40:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/containerd/containerd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "containerd user ID handling bypass allows runAsNonRoot evasion"
}

GHSA-FRFJ-PQ73-R9P5

Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-05 03:31
VLAI
Details

Type Confusion in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-11076"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-04T23:17:12Z",
    "severity": "HIGH"
  },
  "details": "Type Confusion in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)",
  "id": "GHSA-frfj-pq73-r9p5",
  "modified": "2026-06-05T03:31:33Z",
  "published": "2026-06-05T00:31:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11076"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/499784386"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FV7C-FP4J-7GWP

Vulnerability from github – Published: 2026-05-08 20:34 – Updated: 2026-06-08 23:28
VLAI
Summary
@babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input
Details

Impact

Using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code.

Known affected plugins are: - @babel/plugin-transform-modules-systemjs - @babel/preset-env when using the modules: "systemjs" option, as it delegates to @babel/plugin-transform-modules-systemjs

No other plugins under the @babel namespace are impacted.

Users that only compile trusted code are not impacted.

Patches

The vulnerability has been fixed in @babel/plugin-transform-modules-systemjs@7.29.4.

Babel also released @babel/preset-env@7.29.5, updating its @babel/plugin-transform-modules-systemjs dependency, to simplify forcing the update if you are using @babel/preset-env directly.

Workarounds

  • Pin @babel/parser to v7.11.5. The downgrade will completely disable string module name parsing, but it would also disable other new language features and the build pipeline may fail as a result. Only do so if you are working on a legacy codebase and can not upgrade @babel/plugin-transform-modules-systemjs to v7.29.4.
  • Do not use the modules: "systemjs" option, migrate the codebase to native ES Modules or any other module formats.

Credits

Babel thanks Daniel Cervera for reporting the vulnerability.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 7.29.3"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@babel/plugin-transform-modules-systemjs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.12.0"
            },
            {
              "fixed": "7.29.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 8.0.0-alpha.12"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@babel/plugin-transform-modules-systemjs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0-alpha.0"
            },
            {
              "fixed": "8.0.0-alpha.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44728"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843",
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-08T20:34:07Z",
    "nvd_published_at": "2026-05-26T18:16:50Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nUsing Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code.\n\nKnown affected plugins are:\n- `@babel/plugin-transform-modules-systemjs`\n- `@babel/preset-env` when using the [`modules: \"systemjs\"` option](https://babel.dev/docs/babel-preset-env#modules), as it delegates to `@babel/plugin-transform-modules-systemjs`\n\nNo other plugins under the `@babel` namespace are impacted.\n\n**Users that only compile trusted code are not impacted.**\n\n### Patches\n\nThe vulnerability has been fixed in `@babel/plugin-transform-modules-systemjs@7.29.4`.\n\nBabel also released `@babel/preset-env@7.29.5`, updating its `@babel/plugin-transform-modules-systemjs` dependency, to simplify forcing the update if you are using `@babel/preset-env` directly.\n\n### Workarounds\n\n- Pin `@babel/parser` to v7.11.5. The downgrade will completely disable string module name parsing, but it would also disable other new language features and the build pipeline may fail as a result. Only do so if you are working on a legacy codebase and can not upgrade `@babel/plugin-transform-modules-systemjs` to v7.29.4.\n- Do not use the `modules: \"systemjs\"` option, migrate the codebase to native ES Modules or any other module formats.\n\n### Credits\nBabel thanks Daniel Cervera for reporting the vulnerability.",
  "id": "GHSA-fv7c-fp4j-7gwp",
  "modified": "2026-06-08T23:28:08Z",
  "published": "2026-05-08T20:34:07Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/babel/babel/security/advisories/GHSA-fv7c-fp4j-7gwp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44728"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/babel/babel"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "@babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input"
}

GHSA-FVX3-7348-92QJ

Vulnerability from github – Published: 2025-11-18 00:30 – Updated: 2026-07-14 15:31
VLAI
Details

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13223"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-17T23:15:45Z",
    "severity": "HIGH"
  },
  "details": "Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-fvx3-7348-92qj",
  "modified": "2026-07-14T15:31:28Z",
  "published": "2025-11-18T00:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13223"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-470355.html"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/460017370"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-13223"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FX24-3WFX-RXHC

Vulnerability from github – Published: 2024-05-03 03:31 – Updated: 2024-05-03 03:31
VLAI
Details

PDF-XChange Editor addScript Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the implementation of the addScript method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21338.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-42074"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T03:15:43Z",
    "severity": "HIGH"
  },
  "details": "PDF-XChange Editor addScript Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the implementation of the addScript method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21338.",
  "id": "GHSA-fx24-3wfx-rxhc",
  "modified": "2024-05-03T03:31:01Z",
  "published": "2024-05-03T03:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42074"
    },
    {
      "type": "WEB",
      "url": "https://www.tracker-software.com/support/security-bulletins.html"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1376"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.