CWE-681(Incorrect Conversion between Numeric Types)は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
| 種別 | 名称 | クラス | 普遍性 | OS / CPE |
|---|---|---|---|---|
| language | C | — | Undetermined | — |
| language | — | Not Language-Specific | Undetermined | — |
| technology | — | Not Technology-Specific | Undetermined | — |
これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。
| CVE | 公開 | 概要 |
|---|---|---|
| CVE-2026-24192 | 2026-05-26 | NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. A successful exploit of this vu… |
| CVE-2026-26178 | 2026-04-14 | Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally. |
| CVE-2026-34945 | 2026-04-09 | Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, in… |
| CVE-2026-24174 | 2026-04-07 | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead… |
| CVE-2026-4931 | 2026-04-07 | Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settle a large debt position for a negligible asset cost. |
| CVE-2026-34610 | 2026-04-02 | The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lc_x509_extract_name_segment() casts size_t vlen to uin… |
| CVE-2026-34550 | 2026-03-31 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in IccProfLib/IccIO.cpp caused by a… |
| CVE-2026-34548 | 2026-03-31 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in the XML conversion tooling path … |
| CVE-2026-4602 | 2026-03-23 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation o… |
| CVE-2026-27691 | 2026-02-25 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication t… |
| CVE-2026-25989 | 2026-02-24 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one… |
| CVE-2026-24856 | 2026-01-28 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2.3.1.2 have an undefined behavior issue … |
| CVE-2025-71002 | 2026-01-28 | A floating-point exception (FPE) in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2026-21693 | 2026-01-07 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 … |
| CVE-2026-21688 | 2026-01-07 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 … |
| CVE-2026-21673 | 2026-01-06 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in CIccXmlArrayType::ParseTextCountNum(). This vuln… |
| CVE-2025-10543 | 2025-12-02 | In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead t… |
| CVE-2025-58063 | 2025-09-09 | CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd plugin contains a TTL confusion vulnerability where lease IDs are incorrectly used … |
| CVE-2025-53733 | 2025-08-12 | Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2025-24059 | 2025-03-11 | Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| 日付 | 名称 | バージョン | 重要度 | コメント |
|---|---|---|---|---|
| 2008-07-01 | Sean Eidemiller | 1.0 | — | added/updated demonstrative examples |
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Potential_Mitigations, Time_of_Introduction |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Relationships |
| 2008-11-24 | CWE Content Team | 1.1 | — | updated Description, Relationships, Taxonomy_Mappings |
| 2009-12-28 | CWE Content Team | 1.7 | — | updated Applicable_Platforms, Likelihood_of_Exploit, Potential_Mitigations |
| 2010-02-16 | CWE Content Team | 1.8 | — | updated Relationships |
| 2011-03-29 | CWE Content Team | 1.12 | — | updated Demonstrative_Examples |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences, Relationships, Taxonomy_Mappings |
| 2011-06-27 | CWE Content Team | 2.0 | — | updated Common_Consequences, Observed_Examples, Relationships |
| 2011-09-13 | CWE Content Team | 2.1 | — | updated Relationships, Taxonomy_Mappings |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Relationships, Taxonomy_Mappings |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Likelihood_of_Exploit, Observed_Examples, Taxonomy_Mappings, Type |
| 2019-01-03 | CWE Content Team | 3.2 | — | updated References, Relationships, Taxonomy_Mappings |
| 2019-06-20 | CWE Content Team | 3.3 | — | updated Relationships, Type |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Relationships |
| 2020-08-20 | CWE Content Team | 4.2 | — | updated Relationships |
| 2020-12-10 | CWE Content Team | 4.3 | — | updated Relationships |
| 2021-03-15 | CWE Content Team | 4.4 | — | updated Relationships |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2023-10-26 | CWE Content Team | 4.13 | — | updated Observed_Examples |
| 2024-02-29 | CWE Content Team | 4.14 | — | updated Observed_Examples |
| 2025-04-03 | CWE Content Team | 4.17 | — | updated Applicable_Platforms |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Applicable_Platforms, Detection_Factors, Weakness_Ordinalities |