{"id":"CVE-2021-42523","details":"There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it.","modified":"2026-04-16T04:39:39.656067565Z","published":"2022-08-25T18:15:09.260Z","related":["SUSE-SU-2022:3496-1","SUSE-SU-2022:4170-1","SUSE-SU-2022:4410-1","SUSE-SU-2025:20935-1","SUSE-SU-2025:20964-1","SUSE-SU-2025:3899-1","SUSE-SU-2025:3949-1","SUSE-SU-2025:4483-1","openSUSE-SU-2024:12353-1"],"references":[{"type":"FIX","url":"https://github.com/hughsie/colord/issues/110"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hughsie/colord","events":[{"introduced":"0"},{"last_affected":"233e642f730e46e026c1fe45d36ea298de1e00fe"},{"introduced":"0"},{"last_affected":"0563117371f82420616e5e40b6a75a0b34c697c7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.4"},{"introduced":"0"},{"last_affected":"1.4.5"}]}}],"versions":["0.1.0","0.1.1","0.1.10","0.1.11","0.1.12","0.1.13","0.1.14","0.1.15","0.1.16","0.1.17","0.1.18","0.1.19","0.1.2","0.1.20","0.1.21","0.1.22","0.1.23","0.1.24","0.1.25","0.1.26","0.1.27","0.1.28","0.1.29","0.1.3","0.1.30","0.1.31","0.1.32","0.1.33","0.1.34","0.1.4","0.1.5","0.1.6","0.1.7","0.1.8","0.1.9","1.0.0","1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.2.0","1.2.1","1.2.10","1.2.11","1.2.12","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.2.8","1.2.9","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-42523.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}