CVE-2021-42523
- Source
- https://cve.org/CVERecord?id=CVE-2021-42523
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-42523.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-42523
- Downstream
- Related
- Published
- 2022-08-25T18:15:09.260Z
- Modified
- 2026-03-13T05:15:21.952761Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'errmsg' of 'sqlite3exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it.
- References
Affected packages
Git / github.com/hughsie/colord
Affected ranges
- Type
- GIT
- Repo
- https://github.com/hughsie/colord
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "1.4.4" }, { "introduced": "0" }, { "last_affected": "1.4.5" } ] }
Affected versions
0.*
0.1.0
0.1.1
0.1.10
0.1.11
0.1.12
0.1.13
0.1.14
0.1.15
0.1.16
0.1.17
0.1.18
0.1.19
0.1.2
0.1.20
0.1.21
0.1.22
0.1.23
0.1.24
0.1.25
0.1.26
0.1.27
0.1.28
0.1.29
0.1.3
0.1.30
0.1.31
0.1.32
0.1.33
0.1.34
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
1.*
1.0.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.2.0
1.2.1
1.2.10
1.2.11
1.2.12
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4