CVE-2021-42523
HIGHcolord - Information Disclosure via Unreleased sqlite3_exec Error Message
Title source: llmDescription
There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it.
References (1)
Core 1
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/hughsie/colord/issues/110
Scores
CVSS v3
7.5
EPSS
0.0076
EPSS Percentile
50.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
CWE-401
Status
published
Products (2)
colord_project/colord
1.4.4
colord_project/colord
1.4.5
Published
Aug 25, 2022
Tracked Since
Feb 18, 2026