PT-2011-4939 · None · Colord
Published
2011-12-10
·
Updated
2024-06-15
·
CVE-2011-4349
CVSS v2.0
4.6
Medium
| Vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
colord versions prior to 0.1.15
Description
The issue concerns SQL injection vulnerabilities in the colord software. These vulnerabilities are located in the cd-mapping-db.c and cd-device-db.c files. They allow local users to execute arbitrary SQL commands through various vectors, including those related to color devices, device id, property, or profile id.
Recommendations
For versions prior to 0.1.15, update to version 0.1.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the SQL database to minimize the risk of exploitation. Avoid using the
device id, property, or profile id variables in SQL queries until the issue is resolved.Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Colord