{"id":"CVE-2021-31535","details":"LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.","modified":"2026-03-20T11:41:06.140579Z","published":"2021-05-27T13:15:08.240Z","related":["ALSA-2021:4326","MGASA-2021-0219","SUSE-SU-2021:14748-1","SUSE-SU-2021:1765-1","SUSE-SU-2021:1766-1","SUSE-SU-2021:1892-1","SUSE-SU-2021:1897-1","openSUSE-SU-2021:0807-1","openSUSE-SU-2021:0857-1","openSUSE-SU-2021:1897-1","openSUSE-SU-2024:10918-1"],"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEOT4RLB76RVPJQKGGTIKTBIOLHX2NR6/"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202105-16"},{"type":"ADVISORY","url":"https://sec
urity.netapp.com/advisory/ntap-20210813-0001/"},{"type":"ADVISORY","url":"https://lists.freedesktop.org/archives/xorg/"},{"type":"ADVISORY","url":"https://www.openwall.com/lists/oss-security/2021/05/18/2"},{"type":"ADVISORY","url":"https://www.openwall.com/lists/oss-security/2021/05/18/3"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2021/05/18/2"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00021.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4920"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2021/May/52"},{"type":"ADVISORY","url":"https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605"},{"type":"ADVISORY","url":"https://lists.x.org/archives/xorg-announce/2021-May/003088.html"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/162737/libX11-Insufficient-Length-Check-Injection.html"},{"type":"EVIDENCE","url":"https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/"},{"type":"EVIDENCE","url":"https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/xorg/lib/libX11","events":[{"introduced":"0"},{"fixed":"6953a586df4819143c4d55e011b3a5e5377981b8"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.7.1"}]}},{"type":"GIT","repo":"https://gitlab.freedesktop.org/xorg/lib/libx11","events":[{"introduced":"0"},{"fixed":"8d2e02ae650f00c4a53deb625211a0527126c605"}]}],"versions":["MODULAR_COPY","XACE-SELINUX-MERGE","XORG-6_7_99_1","XORG-6_7_99_2","XORG-6_7_99_902","XORG-6_7_99_903","XORG-6_8_1","XORG-6_8_99_10","XORG-6_8_99_13","XORG-6_8_99_14","XORG-6_8_99_15","XORG-6_8_99_6","XORG-6_8_99_7","XORG-6_8_99_9","XORG-6_8_99_900","XORG-6_8_99_901","XORG-6_8_99_902","XORG-6_8_99_903","XORG-6_99_99_900","XORG-6_99_99_901","XORG-6_99_99_902","XORG-6_99_99_903","XORG-6_99_99_904","XORG-MAIN","l
ibX11-1.0.99.1","libX11-1.0.99.2","libX11-1.1","libX11-1.1-RC1","libX11-1.1-RC2","libX11-1.1.1","libX11-1.1.2","libX11-1.1.3","libX11-1.1.4","libX11-1.1.99.2","libX11-1.2","libX11-1.2.1","libX11-1.2.2","libX11-1.2.99.901","libX11-1.3","libX11-1.3.1","libX11-1.3.2","libX11-1.3.3","libX11-1.3.4","libX11-1.3.99.901","libX11-1.3.99.902","libX11-1.3.99.903","libX11-1.4.0","libX11-1.4.1","libX11-1.4.2","libX11-1.4.3","libX11-1.4.4","libX11-1.4.99.1","libX11-1.4.99.901","libX11-1.4.99.902","libX11-1.5.0","libX11-1.5.99.901","libX11-1.5.99.902","libX11-1.6.0","libX11-1.6.1","libX11-1.6.10","libX11-1.6.11","libX11-1.6.12","libX11-1.6.2","libX11-1.6.3","libX11-1.6.4","libX11-1.6.5","libX11-1.6.6","libX11-1.6.7","libX11-1.6.8","libX11-1.6.9","libX11-1.7.0","libX11-1_0_1","libX11-1_0_2","libX11-1_0_3"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"x11r7.7"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-31535.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}