CVE-2021-31535
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-31535
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-31535.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-31535
- Downstream
- Related
- Published
- 2021-05-27T13:15:08Z
- Modified
- 2025-10-30T10:10:42.776635Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.
- References
-
- http://packetstormsecurity.com/files/162737/libX11-Insufficient-Length-Check-Injection.html
- http://seclists.org/fulldisclosure/2021/May/52
- http://www.openwall.com/lists/oss-security/2021/05/18/2
- https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605
- https://lists.debian.org/debian-lts-announce/2021/05/msg00021.html
- https://lists.freedesktop.org/archives/xorg/
- https://lists.x.org/archives/xorg-announce/2021-May/003088.html
- https://security.gentoo.org/glsa/202105-16
- https://security.netapp.com/advisory/ntap-20210813-0001/
- https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/
- https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt
- https://www.debian.org/security/2021/dsa-4920
- https://www.openwall.com/lists/oss-security/2021/05/18/2
- https://www.openwall.com/lists/oss-security/2021/05/18/3
- https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E
- https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E
- https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E
- https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEOT4RLB76RVPJQKGGTIKTBIOLHX2NR6/
Affected packages
Git / github.com/mirror/libx11
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mirror/libx11
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
MODULAR_COPY
XACE-SELINUX-MERGE
XORG-6_7_99_1
XORG-6_7_99_2
XORG-6_7_99_902
XORG-6_7_99_903
XORG-6_8_1
XORG-6_8_99_10
XORG-6_8_99_13
XORG-6_8_99_14
XORG-6_8_99_15
XORG-6_8_99_6
XORG-6_8_99_7
XORG-6_8_99_9
XORG-6_8_99_900
XORG-6_8_99_901
XORG-6_8_99_902
XORG-6_8_99_903
XORG-6_99_99_900
XORG-6_99_99_901
XORG-6_99_99_902
XORG-6_99_99_903
XORG-6_99_99_904
XORG-MAIN
libX11-1_0_1
libX11-1_0_2
libX11-1_0_3
libX11-1.*
libX11-1.0.99.1
libX11-1.0.99.2
libX11-1.1
libX11-1.1-RC1
libX11-1.1-RC2
libX11-1.1.1
libX11-1.1.2
libX11-1.1.3
libX11-1.1.4
libX11-1.1.99.2
libX11-1.2
libX11-1.2.1
libX11-1.2.2
libX11-1.2.99.901
libX11-1.3
libX11-1.3.1
libX11-1.3.2
libX11-1.3.3
libX11-1.3.4
libX11-1.3.99.901
libX11-1.3.99.902
libX11-1.3.99.903
libX11-1.4.0
libX11-1.4.1
libX11-1.4.2
libX11-1.4.3
libX11-1.4.4
libX11-1.4.99.1
libX11-1.4.99.901
libX11-1.4.99.902
libX11-1.5.0
libX11-1.5.99.901
libX11-1.5.99.902
libX11-1.6.0
libX11-1.6.1
libX11-1.6.10
libX11-1.6.11
libX11-1.6.12
libX11-1.6.2
libX11-1.6.3
libX11-1.6.4
libX11-1.6.5
libX11-1.6.6
libX11-1.6.7
libX11-1.6.8
libX11-1.6.9
libX11-1.7.0
Git / gitlab.freedesktop.org/xorg/lib/libx11
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.freedesktop.org/xorg/lib/libx11
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
MODULAR_COPY
XACE-SELINUX-MERGE
XORG-6_7_99_1
XORG-6_7_99_2
XORG-6_7_99_902
XORG-6_7_99_903
XORG-6_8_1
XORG-6_8_99_10
XORG-6_8_99_13
XORG-6_8_99_14
XORG-6_8_99_15
XORG-6_8_99_6
XORG-6_8_99_7
XORG-6_8_99_9
XORG-6_8_99_900
XORG-6_8_99_901
XORG-6_8_99_902
XORG-6_8_99_903
XORG-6_99_99_900
XORG-6_99_99_901
XORG-6_99_99_902
XORG-6_99_99_903
XORG-6_99_99_904
XORG-MAIN
libX11-1_0_1
libX11-1_0_2
libX11-1_0_3
libX11-1.*
libX11-1.0.99.1
libX11-1.0.99.2
libX11-1.1
libX11-1.1-RC1
libX11-1.1-RC2
libX11-1.1.1
libX11-1.1.2
libX11-1.1.3
libX11-1.1.4
libX11-1.1.99.2
libX11-1.2
libX11-1.2.1
libX11-1.2.2
libX11-1.2.99.901
libX11-1.3
libX11-1.3.1
libX11-1.3.2
libX11-1.3.3
libX11-1.3.4
libX11-1.3.99.901
libX11-1.3.99.902
libX11-1.3.99.903
libX11-1.4.0
libX11-1.4.1
libX11-1.4.2
libX11-1.4.3
libX11-1.4.4
libX11-1.4.99.1
libX11-1.4.99.901
libX11-1.4.99.902
libX11-1.5.0
libX11-1.5.99.901
libX11-1.5.99.902
libX11-1.6.0
libX11-1.6.1
libX11-1.6.10
libX11-1.6.11
libX11-1.6.12
libX11-1.6.2
libX11-1.6.3
libX11-1.6.4
libX11-1.6.5
libX11-1.6.6
libX11-1.6.7
libX11-1.6.8
libX11-1.6.9
libX11-1.7.0
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"target": {
"function": "XLookupColor",
"file": "src/LookupCol.c"
},
"id": "CVE-2021-31535-03c4294d",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"function_hash": "194779545851206938191317774910667006767",
"length": 1204.0
},
"deprecated": false,
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"function": "XStoreNamedColor",
"file": "src/StNColor.c"
},
"id": "CVE-2021-31535-06c7a3b3",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"function_hash": "57596708029533598651365206010640559677",
"length": 805.0
},
"deprecated": false,
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "src/SetFPath.c"
},
"id": "CVE-2021-31535-06ff8958",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"threshold": 0.9,
"line_hashes": [
"50740766647139537254525501348017655566",
"191720514066239136195297291948358165596",
"236735166600612026233734810992458744372",
"175250586613470016533022889582037947246",
"15820597583791618870090057761206061612",
"323884454437786854138380526354199915375"
]
},
"deprecated": false,
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"function": "XSetClassHint",
"file": "src/SetHints.c"
},
"id": "CVE-2021-31535-0ed22727",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"function_hash": "339492935456616761875859918177051278716",
"length": 560.0
},
"deprecated": false,
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"function": "XAllocNamedColor",
"file": "src/GetColor.c"
},
"id": "CVE-2021-31535-1452889a",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"function_hash": "272229315376601560145787171691278513077",
"length": 1283.0
},
"deprecated": false,
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "src/Font.c"
},
"id": "CVE-2021-31535-174c0404",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"threshold": 0.9,
"line_hashes": [
"16257440484568987506901834172546690453",
"29592823987098147533264154119221098212",
"150231721246991869990294808332596117824",
"277939570852743938313382357778705813908",
"23540310715949143903583714386511684886",
"41702074481376957366942239806873386079",
"301186063222482847227854460083028620096"
]
},
"deprecated": false,
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"function": "XQueryExtension",
"file": "src/QuExt.c"
},
"id": "CVE-2021-31535-17f9abb4",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"function_hash": "3273904504419152404817559787134880597",
"length": 578.0
},
"deprecated": false,
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"function": "XSetStandardProperties",
"file": "src/SetHints.c"
},
"id": "CVE-2021-31535-1bc3c9c8",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"function_hash": "141049300835485479325261718068060773376",
"length": 690.0
},
"deprecated": false,
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "src/ParseCol.c"
},
"id": "CVE-2021-31535-2ce993a7",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"threshold": 0.9,
"line_hashes": [
"262504001726064536913730362978503461039",
"21668516314201488491497005893235019520",
"36409840772859001858509127713312563951",
"121881950064672761746840297912490311066",
"313441283645575752615977181693896599727",
"28234959273533793541662092506365956772",
"79396196360508823037340879876919941591"
]
},
"deprecated": false,
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"function": "_XF86LoadQueryLocaleFont",
"file": "src/Font.c"
},
"id": "CVE-2021-31535-30877076",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"function_hash": "93291342007330628588149580812011790579",
"length": 1286.0
},
"deprecated": false,
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"function": "XSetCommand",
"file": "src/SetHints.c"
},
"id": "CVE-2021-31535-3311e1dc",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"function_hash": "24684718490872317656076989888444743713",
"length": 601.0
},
"deprecated": false,
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "src/FontNames.c"
},
"id": "CVE-2021-31535-3c5cab0b",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"threshold": 0.9,
"line_hashes": [
"183540688237464359359532939193636150510",
"208313404388619166471369205993232785091",
"321610926566339078421915125242385029692"
]
},
"deprecated": false,
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"function": "XLoadFont",
"file": "src/LoadFont.c"
},
"id": "CVE-2021-31535-46f466a4",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"function_hash": "22089373937851375930563966087998802849",
"length": 467.0
},
"deprecated": false,
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "src/SetHints.c"
},
"id": "CVE-2021-31535-545aeb71",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"threshold": 0.9,
"line_hashes": [
"31863458945747855404031146347807020032",
"68961041533426996369863547461183352412",
"274053626768630293049051151122532135454",
"296874047534542534430039836340292501045",
"93929287736250484024689755957198032316",
"225080581754741922607453415960086415678",
"3073408934216278589773249814016384519",
"100731358177687282697573601294506188442",
"193296163577986555494456534927255038395",
"288803370994506060175970321761736290351",
"279794168693008621650904745261952586639",
"236622881049090339554616567627678831237",
"177867807698317477636841312789999896209",
"102973379653873905648734011320756338553"
]
},
"deprecated": false,
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"function": "XSetIconName",
"file": "src/StName.c"
},
"id": "CVE-2021-31535-5af3990e",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"function_hash": "30583031230923752344114699184738534690",
"length": 247.0
},
"deprecated": false,
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "src/LookupCol.c"
},
"id": "CVE-2021-31535-5df119da",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"threshold": 0.9,
"line_hashes": [
"262504001726064536913730362978503461039",
"21668516314201488491497005893235019520",
"36409840772859001858509127713312563951",
"158614489178553825387838154785007706854",
"268358346475244183936174525433343488558",
"207217743611472631402677607440911295277",
"8086225728994918271076276047011540756",
"296162282267076243929351581204304500884",
"44473234487433654380309193110288885415",
"167551788482031049547736823666537207774"
]
},
"deprecated": false,
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "src/StNColor.c"
},
"id": "CVE-2021-31535-60990db3",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"threshold": 0.9,
"line_hashes": [
"262504001726064536913730362978503461039",
"21668516314201488491497005893235019520",
"36409840772859001858509127713312563951",
"318148898277984628551132884954917923508",
"230272514686543693188884383879003345375",
"223308178260587010079595248684064479913"
]
},
"deprecated": false,
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "src/GetColor.c"
},
"id": "CVE-2021-31535-67d32a13",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"threshold": 0.9,
"line_hashes": [
"262504001726064536913730362978503461039",
"21668516314201488491497005893235019520",
"36409840772859001858509127713312563951",
"291984676250480342888077324157364398308",
"24052841096178241101704599061165452902",
"27834934316003449013620342270320311669"
]
},
"deprecated": false,
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "src/StName.c"
},
"id": "CVE-2021-31535-76867870",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"threshold": 0.9,
"line_hashes": [
"31863458945747855404031146347807020032",
"101914556914327229503050354764631718102",
"152408753156262496763212019825099333887",
"283196058586486498443714268776973736929",
"235435633057246815498807168805364311883",
"58183659154948519433500447108239486021",
"267561276077180045214993981380397376757",
"217967526014509531600795984379562621271",
"9603444088893844832578168139879830558",
"150625911743021074390256788328171439261",
"156715389106347318133217079548016383261"
]
},
"deprecated": false,
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "src/FontInfo.c"
},
"id": "CVE-2021-31535-7cd24872",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"threshold": 0.9,
"line_hashes": [
"80129333695779641381576002661036683501",
"26784690429517856576801970640465559669",
"282982041665519749977830514767598380425"
]
},
"deprecated": false,
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"function": "XParseColor",
"file": "src/ParseCol.c"
},
"id": "CVE-2021-31535-8a339271",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"function_hash": "226579109019714700817799452827862392636",
"length": 1835.0
},
"deprecated": false,
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"function": "XStoreName",
"file": "src/StName.c"
},
"id": "CVE-2021-31535-8e3196fe",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"function_hash": "124867819081785719348192357474512710152",
"length": 242.0
},
"deprecated": false,
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "src/LoadFont.c"
},
"id": "CVE-2021-31535-8e895452",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"threshold": 0.9,
"line_hashes": [
"50740766647139537254525501348017655566",
"312886974931123872537107090712557873142",
"146620374490523123600052805197895021536",
"286742250289382630656494368908146052234",
"319156673997211742746296553108985673051",
"236432169601576487340315636149580793967"
]
},
"deprecated": false,
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"function": "XLoadQueryFont",
"file": "src/Font.c"
},
"id": "CVE-2021-31535-a1f9ebe0",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"function_hash": "66997949985231049690069052670410082328",
"length": 752.0
},
"deprecated": false,
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"function": "XSetFontPath",
"file": "src/SetFPath.c"
},
"id": "CVE-2021-31535-aa34eb7a",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"function_hash": "23833505750581235338172880099508340313",
"length": 814.0
},
"deprecated": false,
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "src/QuExt.c"
},
"id": "CVE-2021-31535-c0457bdd",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"threshold": 0.9,
"line_hashes": [
"50740766647139537254525501348017655566",
"183139958355928770822938698230453995145",
"104823369486760063538283238423342242650",
"277481263869901368836241285052202953257",
"169237578015176389816573232424913306841",
"121814899006143998207976236184720190911"
]
},
"deprecated": false,
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"function": "XListFontsWithInfo",
"file": "src/FontInfo.c"
},
"id": "CVE-2021-31535-c1534411",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"function_hash": "145508344740012304412853084065860036813",
"length": 3461.0
},
"deprecated": false,
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"function": "XListFonts",
"file": "src/FontNames.c"
},
"id": "CVE-2021-31535-c2481a39",
"source": "https://gitlab.freedesktop.org/xorg/lib/libx11@8d2e02ae650f00c4a53deb625211a0527126c605",
"digest": {
"function_hash": "316840535811024662384818677316901887693",
"length": 1468.0
},
"deprecated": false,
"signature_type": "Function"
}
]