1.4.5

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

colord-project

CWE-401

NVD

Published: 2022-08-25

Updated: 2023-07-17

Summary

There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it.

Vulnerable Configurations

Part	Description	Count
Application	Colord_Project Colord Project Colord 1.4.5 Colord Project Colord 1.4.4	2

Common Weakness Enumeration (CWE)

CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

References

https://github.com/hughsie/colord/issues/110