CVE-2021-31535

Name of the Vulnerable Software and Affected Versions libX11 versions prior to 1.7.1 X.Org X versions through X11R7.7

Description The issue is related to insufficient input validation in the XLookupColor() function of the libX11 library. This can be exploited by an attacker to potentially execute arbitrary code, allowing them to take control of the running graphical session. The vulnerability arises when a client sends color-name requests with names longer than the maximum size allowed by the protocol, which are then interpreted by the server as additional X protocol requests.

Recommendations For libX11 versions prior to 1.7.1, update to version 1.7.1 or later to resolve the issue. For X.Org X versions through X11R7.7, consider disabling the XLookupColor() function as a temporary workaround until a patch is available. Restrict access to the vulnerable LookupCol.c module to minimize the risk of exploitation. Avoid using the XLookupColor request with untrusted input until the issue is resolved.