CVE-2021-31535 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Insufficient validation
Description	A security issue has been found in libx11 before version 1.7.1. XLookupColor() and other X libraries function lack proper validation of the length of their string parameters. If those parameters can be controlled by an external application (for instance a color name that can be emitted via a terminal control sequence) it can lead to the emission of extra X protocol requests to the X server.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1968	libx11	1.7.0-4	1.7.1-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
19 May 2021	ASA-202105-12	AVG-1968	libx11	High	insufficient validation

References
https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/ https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605

References

https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt
https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605