CVEbaza.plSłownik CWECWE-758
Common Weakness Enumeration

CWE-758

Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

Kategoria: ClassCVE: 25
Opis

Produkt używa funkcji API, struktury danych lub innej jednostki w sposób, który opiera się na właściwościach, które nie zawsze są gwarantowane dla tej jednostki. Taka praktyka może prowadzić do nieprzewidywalnego zachowania lub podatności bezpieczeństwa zależnie od środowiska, kompilatora lub platformy.

Description (EN)

The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.

Podatności CVE z CWE-758 (25)
9.8
CVSS
CRITICAL
CVE-2026-4705

Podatność krytyczna (CVSS 9.8) w komponencie WebRTC: Signaling przeglądarki Mozilla Firefox oraz klienta pocztowego Thunderbird. Umożliwia zdalnemu atakującemu bez uwierzytelnienia wykonanie potencjalnie groźnych operacji poprzez sieć.

pub. 2026-03-24
9.1
CVSS
CRITICAL
CVE-2026-4724

Podatność klasy CWE-758 (undefined behavior) w komponencie Audio/Video przeglądarki Firefox oraz klienta pocztowego Thunderbird umożliwia zdalnym atakującym naruszenie poufności i integralności danych bez jakiejkolwiek autoryzacji. Ocena CVSS 9.1 (Critical) wskazuje na wysoką krytyczność zagrożenia.

pub. 2026-03-24
8.8
CVSS
HIGH
CVE-2026-21677

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have Undefined Behavior in its CIccCLUT::Init function which initializes and sets the size of a CLUT. This issue is fixed in version 2.3.1.1.

pub. 2026-01-06
8.1
CVSS
HIGH
CVE-2026-4718

Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

pub. 2026-03-24
7.1
CVSS
HIGH
CVE-2026-24404

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType() contains a Null Pointer Dereference and Undefined Behavior vulnerability. This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.

pub. 2026-01-24
7.1
CVSS
HIGH
CVE-2026-24407

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in icSigCalcOp(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.

pub. 2026-01-24
7.1
CVSS
HIGH
CVE-2026-24409

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccTagXmlFloatNum<>::ParseXml(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.

pub. 2026-01-24
7.1
CVSS
HIGH
CVE-2026-24410

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccProfileXml::ParseBasic(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.

pub. 2026-01-24
7.1
CVSS
HIGH
CVE-2026-24411

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.

pub. 2026-01-24
7.1
CVSS
HIGH
CVE-2026-21684

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagSpectralViewingConditions()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.

pub. 2026-01-07
7.1
CVSS
HIGH
CVE-2026-21685

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagLut16::Read()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.

pub. 2026-01-07
7.1
CVSS
HIGH
CVE-2026-21686

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagLutAtoB::Validate()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.

pub. 2026-01-07
7.1
CVSS
HIGH
CVE-2026-21687

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagCurve::CIccTagCurve()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.

pub. 2026-01-07
6.5
CVSS
MEDIUM
CVE-2024-4774

The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. This vulnerability affects Firefox < 126.

pub. 2024-05-14
6.2
CVSS
MEDIUM
CVE-2026-34533

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccCalculatorFunc::ApplySequence() due to invalid enum values being loaded for icChannelFuncSignature. The issue is observable under UBSan as a “load of value … not a valid value for type icChannelFuncSignature”, indicating a type/enum value confusion scenario during ICC profile processing. This issue has been patched in version 2.3.1.6.

pub. 2026-03-31
6.2
CVSS
MEDIUM
CVE-2026-34537

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccOpDefEnvVar::Exec() due to invalid enum values being loaded for icSigCmmEnvVar. The issue is observable under UBSan as a “load of value … not a valid value for type icSigCmmEnvVar”, indicating an invalid enum/type value being consumed during ICC profile processing. This issue has been patched in version 2.3.1.6.

pub. 2026-03-31
6.2
CVSS
MEDIUM
CVE-2026-34547

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, an Undefined Behavior (UB) condition in IccUtil.cpp can be triggered by a crafted ICC profile when running iccDumpProfile. This issue has been patched in version 2.3.1.6.

pub. 2026-03-31
6.2
CVSS
MEDIUM
CVE-2026-34549

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in IccUtil.cpp triggered by a crafted input profile. Under UndefinedBehaviorSanitizer, the issue is reported as invalid left shift operations on icUInt32Number (unsigned 32-bit) where the shifted value “cannot be represented” in that type. This issue has been patched in version 2.3.1.6.

pub. 2026-03-31
6.1
CVSS
MEDIUM
CVE-2025-54811

OpenPLC_V3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple times or if the server exits unexpectedly. The vulnerability allows an attacker to cause a Denial of Service (DoS) against the PLC runtime, stopping any PC started remotely without authentication. This results in the PLC process crashing and halting all automation or control logic managed by OpenPLC.

pub. 2025-10-01
6.1
CVSS
MEDIUM
CVE-2025-55160

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in sanitizer builds), with no crash in a non-sanitized build. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.

pub. 2025-08-13
Pokazano 20 z 25 podatności
Informacje
ID: CWE-758
Typ: Class
Podatności: 25
MITRE CWE ↗
← Słownik CWE