CVE-2021-31535

Source
Severity High
Remote No
Type Insufficient validation
Description
A security issue has been found in libx11 before version 1.7.1. XLookupColor() and other X library functions lack proper validation of the length of their string parameters. If those parameters can be controlled by an external application (for instance, a color name that can be emitted via a terminal control sequence), this can lead to the emission of extra X protocol requests to the X server.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1968 | libx11 | 1.7.0-4 | 1.7.1-1 | High | Fixed | |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 19 May 2021 | ASA-202105-12 | AVG-1968 | libx11 | High | insufficient validation |
References
https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt
https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605