CVE-2011-4349

Name of the Vulnerable Software and Affected Versions colord versions prior to 0.1.15

Description The issue concerns SQL injection vulnerabilities in the colord software. These vulnerabilities are located in the cd-mapping-db.c and cd-device-db.c files. They allow local users to execute arbitrary SQL commands through various vectors, including those related to color devices, device id, property, or profile id.

Recommendations For versions prior to 0.1.15, update to version 0.1.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the SQL database to minimize the risk of exploitation. Avoid using the device id, property, or profile id variables in SQL queries until the issue is resolved.