CVE-2021-42523

There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
Affected Products (NVD)
VendorProductVersion
colord_projectcolord
1.4.4
colord_projectcolord
1.4.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
colord
bookworm
1.4.6-2.2
fixed
bullseye
unimportant
sid
1.4.7-1
fixed
trixie
1.4.7-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
colord
bionic
not-affected
focal
not-affected
jammy
not-affected
kinetic
not-affected
trusty
ignored
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
colord
suse enterprise desktop 15 SP3
1.4.4-150200.4.6.1
fixed
suse enterprise desktop 15 SP4
1.4.5-150400.4.3.1
fixed
suse enterprise desktop 15 SP5
1.4.5-150400.4.3.1
fixed
suse enterprise desktop 15 SP6
1.4.6-150600.3.8.1
fixed
suse enterprise desktop 15 SP7
1.4.6-150600.3.8.1
fixed
suse enterprise sap 12 SP5
1.3.3-13.3.1
fixed
suse enterprise sap 15 SP3
1.4.4-150200.4.6.1
fixed
suse enterprise sap 15 SP4
1.4.5-150400.4.3.1
fixed
suse enterprise sap 15 SP5
1.4.5-150400.4.3.1
fixed
suse enterprise sap 15 SP6
1.4.6-150600.3.8.1
fixed
suse enterprise sap 15 SP7
1.4.6-150600.3.8.1
fixed
suse enterprise server 12 SP5
1.3.3-13.3.1
fixed
suse enterprise server 15 SP3
1.4.4-150200.4.6.1
fixed
suse enterprise server 15 SP4
1.4.5-150400.4.3.1
fixed
suse enterprise server 15 SP5
1.4.5-150400.4.3.1
fixed
suse enterprise server 15 SP6
1.4.6-150600.3.8.1
fixed
suse enterprise server 15 SP7
1.4.6-150600.3.8.1
fixed
suse enterprise workstation 12 SP5
1.3.3-13.3.1
fixed
suse enterprise workstation 15 SP3
1.4.4-150200.4.6.1
fixed
suse enterprise workstation 15 SP4
1.4.5-150400.4.3.1
fixed
suse enterprise workstation 15 SP5
1.4.5-150400.4.3.1
fixed
suse enterprise workstation 15 SP6
1.4.6-150600.3.8.1
fixed
suse enterprise workstation 15 SP7
1.4.6-150600.3.8.1
fixed
colord-color-profiles
suse enterprise desktop 15 SP3
1.4.4-150200.4.6.1
fixed
suse enterprise desktop 15 SP4
1.4.5-150400.4.3.1
fixed
suse enterprise desktop 15 SP5
1.4.5-150400.4.3.1
fixed
suse enterprise desktop 15 SP6
1.4.6-150600.3.8.1
fixed
suse enterprise desktop 15 SP7
1.4.6-150600.3.8.1
fixed
suse enterprise sap 15 SP3
1.4.4-150200.4.6.1
fixed
suse enterprise sap 15 SP4
1.4.5-150400.4.3.1
fixed
suse enterprise sap 15 SP5
1.4.5-150400.4.3.1
fixed
suse enterprise sap 15 SP6
1.4.6-150600.3.8.1
fixed
suse enterprise sap 15 SP7
1.4.6-150600.3.8.1
fixed
suse enterprise server 15 SP3
1.4.4-150200.4.6.1
fixed
suse enterprise server 15 SP4
1.4.5-150400.4.9.1
fixed
suse enterprise server 15 SP5
1.4.5-150400.4.3.1
fixed
suse enterprise server 15 SP6
1.4.6-150600.3.8.1
fixed
suse enterprise server 15 SP7
1.4.6-150600.3.8.1
fixed
colord-lang
suse enterprise desktop 15 SP3
1.4.4-150200.4.6.1
fixed
suse enterprise desktop 15 SP4
1.4.5-150400.4.3.1
fixed
suse enterprise desktop 15 SP5
1.4.5-150400.4.3.1
fixed
suse enterprise desktop 15 SP6
1.4.6-150600.3.8.1
fixed
suse enterprise desktop 15 SP7
1.4.6-150600.3.8.1
fixed
suse enterprise sap 12 SP5
1.3.3-13.3.1
fixed
suse enterprise sap 15 SP3
1.4.4-150200.4.6.1
fixed
suse enterprise sap 15 SP4
1.4.5-150400.4.3.1
fixed
suse enterprise sap 15 SP5
1.4.5-150400.4.3.1
fixed
suse enterprise sap 15 SP6
1.4.6-150600.3.8.1
fixed
suse enterprise sap 15 SP7
1.4.6-150600.3.8.1
fixed
suse enterprise server 12 SP5
1.3.3-13.3.1
fixed
suse enterprise server 15 SP3
1.4.4-150200.4.6.1
fixed
suse enterprise server 15 SP4
1.4.5-150400.4.3.1
fixed
suse enterprise server 15 SP5
1.4.5-150400.4.3.1
fixed
suse enterprise server 15 SP6
1.4.6-150600.3.8.1
fixed
suse enterprise server 15 SP7
1.4.6-150600.3.8.1
fixed
suse enterprise workstation 12 SP5
1.3.3-13.3.1
fixed
suse enterprise workstation 15 SP3
1.4.4-150200.4.6.1
fixed
suse enterprise workstation 15 SP4
1.4.5-150400.4.3.1
fixed
suse enterprise workstation 15 SP5
1.4.5-150400.4.3.1
fixed
suse enterprise workstation 15 SP6
1.4.6-150600.3.8.1
fixed
suse enterprise workstation 15 SP7
1.4.6-150600.3.8.1
fixed
libcolord-devel
suse enterprise desktop 15 SP3
1.4.4-150200.4.6.1
fixed
suse enterprise desktop 15 SP4
1.4.5-150400.4.3.1
fixed
suse enterprise desktop 15 SP5
1.4.5-150400.4.3.1
fixed
suse enterprise desktop 15 SP6
1.4.6-150600.3.8.1
fixed
suse enterprise desktop 15 SP7
1.4.6-150600.3.8.1
fixed
suse enterprise sap 15 SP3
1.4.4-150200.4.6.1
fixed
suse enterprise sap 15 SP4
1.4.5-150400.4.3.1
fixed
suse enterprise sap 15 SP5
1.4.5-150400.4.3.1
fixed
suse enterprise sap 15 SP6
1.4.6-150600.3.8.1
fixed
suse enterprise sap 15 SP7
1.4.6-150600.3.8.1
fixed
suse enterprise server 12 SP5
1.3.3-13.9.2
fixed
suse enterprise server 15 SP3
1.4.4-150200.4.6.1
fixed
suse enterprise server 15 SP4
1.4.5-150400.4.9.1
fixed
suse enterprise server 15 SP5
1.4.5-150400.4.3.1
fixed
suse enterprise server 15 SP6
1.4.6-150600.3.8.1
fixed
suse enterprise server 15 SP7
1.4.6-150600.3.8.1
fixed
libcolord2
suse enterprise sap 12 SP5
1.3.3-13.3.1
fixed
suse enterprise server 12 SP3
1.3.3-13.9.2
fixed
suse enterprise server 12 SP5
1.3.3-13.9.2
fixed
suse enterprise server 15 SP4
1.4.5-150400.4.9.1
fixed
libcolord2-32bit
suse enterprise sap 12 SP5
1.3.3-13.3.1
fixed
suse enterprise server 12 SP3
1.3.3-13.9.2
fixed
suse enterprise server 12 SP5
1.3.3-13.9.2
fixed
libcolorhug2
suse enterprise desktop 15 SP3
1.4.4-150200.4.6.1
fixed
suse enterprise desktop 15 SP4
1.4.5-150400.4.3.1
fixed
suse enterprise desktop 15 SP5
1.4.5-150400.4.3.1
fixed
suse enterprise desktop 15 SP6
1.4.6-150600.3.8.1
fixed
suse enterprise desktop 15 SP7
1.4.6-150600.3.8.1
fixed
suse enterprise sap 12 SP5
1.3.3-13.3.1
fixed
suse enterprise sap 15 SP3
1.4.4-150200.4.6.1
fixed
suse enterprise sap 15 SP4
1.4.5-150400.4.3.1
fixed
suse enterprise sap 15 SP5
1.4.5-150400.4.3.1
fixed
suse enterprise sap 15 SP6
1.4.6-150600.3.8.1
fixed
suse enterprise sap 15 SP7
1.4.6-150600.3.8.1
fixed
suse enterprise server 12 SP3
1.3.3-13.9.2
fixed
suse enterprise server 12 SP5
1.3.3-13.9.2
fixed
suse enterprise server 15 SP3
1.4.4-150200.4.6.1
fixed
suse enterprise server 15 SP4
1.4.5-150400.4.9.1
fixed
suse enterprise server 15 SP5
1.4.5-150400.4.3.1
fixed
suse enterprise server 15 SP6
1.4.6-150600.3.8.1
fixed
suse enterprise server 15 SP7
1.4.6-150600.3.8.1
fixed
typelib-1_0-Colord-1_0
suse enterprise desktop 15 SP3
1.4.4-150200.4.6.1
fixed
suse enterprise desktop 15 SP4
1.4.5-150400.4.3.1
fixed
suse enterprise desktop 15 SP5
1.4.5-150400.4.3.1
fixed
suse enterprise desktop 15 SP6
1.4.6-150600.3.8.1
fixed
suse enterprise desktop 15 SP7
1.4.6-150600.3.8.1
fixed
suse enterprise sap 15 SP3
1.4.4-150200.4.6.1
fixed
suse enterprise sap 15 SP4
1.4.5-150400.4.3.1
fixed
suse enterprise sap 15 SP5
1.4.5-150400.4.3.1
fixed
suse enterprise sap 15 SP6
1.4.6-150600.3.8.1
fixed
suse enterprise sap 15 SP7
1.4.6-150600.3.8.1
fixed
suse enterprise server 15 SP3
1.4.4-150200.4.6.1
fixed
suse enterprise server 15 SP4
1.4.5-150400.4.9.1
fixed
suse enterprise server 15 SP5
1.4.5-150400.4.3.1
fixed
suse enterprise server 15 SP6
1.4.6-150600.3.8.1
fixed
suse enterprise server 15 SP7
1.4.6-150600.3.8.1
fixed
typelib-1_0-Colorhug-1_0
suse enterprise desktop 15 SP3
1.4.4-150200.4.6.1
fixed
suse enterprise desktop 15 SP4
1.4.5-150400.4.3.1
fixed
suse enterprise desktop 15 SP5
1.4.5-150400.4.3.1
fixed
suse enterprise desktop 15 SP6
1.4.6-150600.3.8.1
fixed
suse enterprise desktop 15 SP7
1.4.6-150600.3.8.1
fixed
suse enterprise sap 15 SP3
1.4.4-150200.4.6.1
fixed
suse enterprise sap 15 SP4
1.4.5-150400.4.3.1
fixed
suse enterprise sap 15 SP5
1.4.5-150400.4.3.1
fixed
suse enterprise sap 15 SP6
1.4.6-150600.3.8.1
fixed
suse enterprise sap 15 SP7
1.4.6-150600.3.8.1
fixed
suse enterprise server 15 SP3
1.4.4-150200.4.6.1
fixed
suse enterprise server 15 SP4
1.4.5-150400.4.9.1
fixed
suse enterprise server 15 SP5
1.4.5-150400.4.3.1
fixed
suse enterprise server 15 SP6
1.4.6-150600.3.8.1
fixed
suse enterprise server 15 SP7
1.4.6-150600.3.8.1
fixed
Common Weakness Enumeration
References
https://github.com/hughsie/colord/issues/110
https://github.com/hughsie/colord/issues/110