CVE-2011-4349

Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
freedesktopcolord
𝑥
≤ 0.1.14
freedesktopcolord
0.1.0
freedesktopcolord
0.1.1
freedesktopcolord
0.1.2
freedesktopcolord
0.1.3
freedesktopcolord
0.1.4
freedesktopcolord
0.1.5
freedesktopcolord
0.1.6
freedesktopcolord
0.1.7
freedesktopcolord
0.1.8
freedesktopcolord
0.1.9
freedesktopcolord
0.1.10
freedesktopcolord
0.1.11
freedesktopcolord
0.1.12
freedesktopcolord
0.1.13
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
colord
bookworm
1.4.6-2.2
fixed
bullseye
1.4.5-3
fixed
sid
1.4.7-1
fixed
trixie
1.4.7-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
colord
hardy
dne
lucid
dne
maverick
dne
natty
dne
oneiric
Fixed 0.1.12-1ubuntu2.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
colord
suse enterprise desktop 12
1.1.7-2.42
fixed
suse enterprise desktop 12 SP1
1.1.7-5.3
fixed
suse enterprise desktop 12 SP2
1.3.3-10.14
fixed
suse enterprise desktop 12 SP3
1.3.3-12.13
fixed
suse enterprise desktop 12 SP4
1.3.3-12.13
fixed
suse enterprise desktop 15
1.4.2-1.37
fixed
suse enterprise desktop 15 SP1
1.4.2-1.37
fixed
suse enterprise sap 12
1.1.7-2.42
fixed
suse enterprise sap 12 SP1
1.1.7-5.3
fixed
suse enterprise sap 12 SP2
1.3.3-10.14
fixed
suse enterprise sap 12 SP3
1.3.3-12.13
fixed
suse enterprise sap 12 SP4
1.3.3-12.13
fixed
suse enterprise sap 12 SP5
1.3.3-12.13
fixed
suse enterprise sap 15
1.4.2-1.37
fixed
suse enterprise sap 15 SP1
1.4.2-1.37
fixed
suse enterprise server 12
1.1.7-2.42
fixed
suse enterprise server 12 SP1
1.1.7-5.3
fixed
suse enterprise server 12 SP2
1.3.3-10.14
fixed
suse enterprise server 12 SP3
1.3.3-12.13
fixed
suse enterprise server 12 SP4
1.3.3-12.13
fixed
suse enterprise server 12 SP5
1.3.3-12.13
fixed
suse enterprise server 15
1.4.2-1.37
fixed
suse enterprise server 15 SP1
1.4.2-1.37
fixed
suse enterprise workstation 12
1.1.7-2.42
fixed
suse enterprise workstation 12 SP1
1.1.7-5.3
fixed
suse enterprise workstation 12 SP2
1.3.3-10.14
fixed
suse enterprise workstation 12 SP3
1.3.3-12.13
fixed
suse enterprise workstation 12 SP4
1.3.3-12.13
fixed
suse enterprise workstation 12 SP5
1.3.3-12.13
fixed
suse enterprise workstation 15
1.4.2-1.37
fixed
suse enterprise workstation 15 SP1
1.4.2-1.37
fixed
colord-color-profiles
suse enterprise desktop 15
1.4.2-1.37
fixed
suse enterprise desktop 15 SP1
1.4.2-1.37
fixed
suse enterprise sap 15
1.4.2-1.37
fixed
suse enterprise sap 15 SP1
1.4.2-1.37
fixed
suse enterprise server 15
1.4.2-1.37
fixed
suse enterprise server 15 SP1
1.4.2-1.37
fixed
colord-gtk-lang
suse enterprise desktop 15
0.1.26-1.48
fixed
suse enterprise desktop 15 SP1
0.1.26-1.48
fixed
suse enterprise sap 12 SP5
0.1.26-6.3
fixed
suse enterprise sap 15
0.1.26-1.48
fixed
suse enterprise sap 15 SP1
0.1.26-1.48
fixed
suse enterprise server 12 SP3
0.1.26-6.3
fixed
suse enterprise server 12 SP4
0.1.26-6.3
fixed
suse enterprise server 12 SP5
0.1.26-6.3
fixed
suse enterprise server 15
0.1.26-1.48
fixed
suse enterprise server 15 SP1
0.1.26-1.48
fixed
suse enterprise workstation 15
0.1.26-1.48
fixed
suse enterprise workstation 15 SP1
0.1.26-1.48
fixed
colord-lang
suse enterprise desktop 12
1.1.7-2.42
fixed
suse enterprise desktop 12 SP1
1.1.7-5.3
fixed
suse enterprise desktop 12 SP2
1.3.3-10.14
fixed
suse enterprise desktop 12 SP3
1.3.3-12.13
fixed
suse enterprise desktop 12 SP4
1.3.3-12.13
fixed
suse enterprise desktop 15
1.4.2-1.37
fixed
suse enterprise desktop 15 SP1
1.4.2-1.37
fixed
suse enterprise sap 12
1.1.7-2.42
fixed
suse enterprise sap 12 SP1
1.1.7-5.3
fixed
suse enterprise sap 12 SP2
1.3.3-10.14
fixed
suse enterprise sap 12 SP3
1.3.3-12.13
fixed
suse enterprise sap 12 SP4
1.3.3-12.13
fixed
suse enterprise sap 12 SP5
1.3.3-12.13
fixed
suse enterprise sap 15
1.4.2-1.37
fixed
suse enterprise sap 15 SP1
1.4.2-1.37
fixed
suse enterprise server 12
1.1.7-2.42
fixed
suse enterprise server 12 SP1
1.1.7-5.3
fixed
suse enterprise server 12 SP2
1.3.3-10.14
fixed
suse enterprise server 12 SP3
1.3.3-12.13
fixed
suse enterprise server 12 SP4
1.3.3-12.13
fixed
suse enterprise server 12 SP5
1.3.3-12.13
fixed
suse enterprise server 15
1.4.2-1.37
fixed
suse enterprise server 15 SP1
1.4.2-1.37
fixed
suse enterprise workstation 12
1.1.7-2.42
fixed
suse enterprise workstation 12 SP1
1.1.7-5.3
fixed
suse enterprise workstation 12 SP2
1.3.3-10.14
fixed
suse enterprise workstation 12 SP3
1.3.3-12.13
fixed
suse enterprise workstation 12 SP4
1.3.3-12.13
fixed
suse enterprise workstation 12 SP5
1.3.3-12.13
fixed
suse enterprise workstation 15
1.4.2-1.37
fixed
suse enterprise workstation 15 SP1
1.4.2-1.37
fixed
libcolord-devel
suse enterprise desktop 15
1.4.2-1.37
fixed
suse enterprise desktop 15 SP1
1.4.2-1.37
fixed
suse enterprise sap 15
1.4.2-1.37
fixed
suse enterprise sap 15 SP1
1.4.2-1.37
fixed
suse enterprise server 15
1.4.2-1.37
fixed
suse enterprise server 15 SP1
1.4.2-1.37
fixed
libcolord-gtk-devel
suse enterprise desktop 15
0.1.26-1.48
fixed
suse enterprise desktop 15 SP1
0.1.26-1.48
fixed
suse enterprise desktop 15 SP2
0.1.26-1.48
fixed
suse enterprise desktop 15 SP3
0.1.26-1.48
fixed
suse enterprise sap 15
0.1.26-1.48
fixed
suse enterprise sap 15 SP1
0.1.26-1.48
fixed
suse enterprise sap 15 SP2
0.1.26-1.48
fixed
suse enterprise sap 15 SP3
0.1.26-1.48
fixed
suse enterprise server 15
0.1.26-1.48
fixed
suse enterprise server 15 SP1
0.1.26-1.48
fixed
suse enterprise server 15 SP2
0.1.26-1.48
fixed
suse enterprise server 15 SP3
0.1.26-1.48
fixed
libcolord-gtk1
suse enterprise desktop 15
0.1.26-1.48
fixed
suse enterprise desktop 15 SP1
0.1.26-1.48
fixed
suse enterprise desktop 15 SP2
0.1.26-1.48
fixed
suse enterprise desktop 15 SP3
0.1.26-1.48
fixed
suse enterprise sap 12 SP5
0.1.26-6.3
fixed
suse enterprise sap 15
0.1.26-1.48
fixed
suse enterprise sap 15 SP1
0.1.26-1.48
fixed
suse enterprise sap 15 SP2
0.1.26-1.48
fixed
suse enterprise sap 15 SP3
0.1.26-1.48
fixed
suse enterprise server 12 SP3
0.1.26-6.3
fixed
suse enterprise server 12 SP4
0.1.26-6.3
fixed
suse enterprise server 12 SP5
0.1.26-6.3
fixed
suse enterprise server 15
0.1.26-1.48
fixed
suse enterprise server 15 SP1
0.1.26-1.48
fixed
suse enterprise server 15 SP2
0.1.26-1.48
fixed
suse enterprise server 15 SP3
0.1.26-1.48
fixed
libcolord2
suse enterprise sap 12 SP5
1.3.3-12.13
fixed
suse enterprise server 12 SP3
1.3.3-12.13
fixed
suse enterprise server 12 SP4
1.3.3-12.13
fixed
suse enterprise server 12 SP5
1.3.3-12.13
fixed
libcolord2-32bit
suse enterprise sap 12 SP5
1.3.3-12.13
fixed
suse enterprise server 12 SP3
1.3.3-12.13
fixed
suse enterprise server 12 SP4
1.3.3-12.13
fixed
suse enterprise server 12 SP5
1.3.3-12.13
fixed
libcolorhug2
suse enterprise desktop 15
1.4.2-1.37
fixed
suse enterprise desktop 15 SP1
1.4.2-1.37
fixed
suse enterprise sap 12 SP5
1.3.3-12.13
fixed
suse enterprise sap 15
1.4.2-1.37
fixed
suse enterprise sap 15 SP1
1.4.2-1.37
fixed
suse enterprise server 12 SP3
1.3.3-12.13
fixed
suse enterprise server 12 SP4
1.3.3-12.13
fixed
suse enterprise server 12 SP5
1.3.3-12.13
fixed
suse enterprise server 15
1.4.2-1.37
fixed
suse enterprise server 15 SP1
1.4.2-1.37
fixed
typelib-1_0-Colord-1_0
suse enterprise desktop 15
1.4.2-1.37
fixed
suse enterprise desktop 15 SP1
1.4.2-1.37
fixed
suse enterprise sap 15
1.4.2-1.37
fixed
suse enterprise sap 15 SP1
1.4.2-1.37
fixed
suse enterprise server 15
1.4.2-1.37
fixed
suse enterprise server 15 SP1
1.4.2-1.37
fixed
typelib-1_0-ColordGtk-1_0
suse enterprise desktop 15
0.1.26-1.48
fixed
suse enterprise desktop 15 SP1
0.1.26-1.48
fixed
suse enterprise desktop 15 SP2
0.1.26-1.48
fixed
suse enterprise desktop 15 SP3
0.1.26-1.48
fixed
suse enterprise sap 15
0.1.26-1.48
fixed
suse enterprise sap 15 SP1
0.1.26-1.48
fixed
suse enterprise sap 15 SP2
0.1.26-1.48
fixed
suse enterprise sap 15 SP3
0.1.26-1.48
fixed
suse enterprise server 15
0.1.26-1.48
fixed
suse enterprise server 15 SP1
0.1.26-1.48
fixed
suse enterprise server 15 SP2
0.1.26-1.48
fixed
suse enterprise server 15 SP3
0.1.26-1.48
fixed
typelib-1_0-Colorhug-1_0
suse enterprise desktop 15
1.4.2-1.37
fixed
suse enterprise desktop 15 SP1
1.4.2-1.37
fixed
suse enterprise sap 15
1.4.2-1.37
fixed
suse enterprise sap 15 SP1
1.4.2-1.37
fixed
suse enterprise server 15
1.4.2-1.37
fixed
suse enterprise server 15 SP1
1.4.2-1.37
fixed
Common Weakness Enumeration
References
http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b
http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd270e
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070450.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070518.html
http://secunia.com/advisories/46940
http://secunia.com/advisories/47160
http://ubuntu.com/usn/usn-1289-1
http://www.openwall.com/lists/oss-security/2011/11/25/3
http://www.openwall.com/lists/oss-security/2011/11/25/4
http://www.securityfocus.com/bid/50814
https://bugs.freedesktop.org/show_bug.cgi?id=42904
https://bugzilla.redhat.com/show_bug.cgi?id=757171
http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b
http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd270e
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070450.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070518.html
http://secunia.com/advisories/46940
http://secunia.com/advisories/47160
http://ubuntu.com/usn/usn-1289-1
http://www.openwall.com/lists/oss-security/2011/11/25/3
http://www.openwall.com/lists/oss-security/2011/11/25/4
http://www.securityfocus.com/bid/50814
https://bugs.freedesktop.org/show_bug.cgi?id=42904
https://bugzilla.redhat.com/show_bug.cgi?id=757171