CVE-2011-4349
EPSS 0.11%
Description
Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.
How to fix CVE-2011-4349
To remediate CVE-2011-4349, upgrade the affected package to a fixed version below.
- Debian/colord—upgrade to 0.1.15-1 or later
Is CVE-2011-4349 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.1.15-1