FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libX11 -- Arbitrary code execution

Affected packages
libX11 < 1.7.1

Details

VuXML ID 58d6ed66-c2e8-11eb-9fb0-6451062f0f7a
Discovery 2021-05-11
Entry 2021-06-01

The X.org project reports:

XLookupColor() and other X libraries function lack proper validation of the length of their string parameters. If those parameters can be controlled by an external application (for instance a color name that can be emitted via a terminal control sequence) it can lead to the emission of extra X protocol requests to the X server.

References

CVE Name CVE-2021-31535
URL https://lists.freedesktop.org/archives/xorg/2021-May/060699.html
URL https://nvd.nist.gov/vuln/detail/CVE-2021-31535