Input validation error in libx11

#VU53336 Input validation error in libx11

Published: 2021-05-19 | Updated: 2021-05-19

Vulnerability identifier: #VU53336

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-31535

CWE-ID:

Exploitation vector: Local

Exploit availability:

Vulnerable software:
libx11
Other software / Other software solutions

Vendor: xorg.freedesktop.org

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of color names within the XLookupColor() function. A local user can run a specially crafted application on the system and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

libx11: 1.0.99.1 - 1.7.0

Fixed software versions

CPE

cpe:2.3:a:xorg.freedesktop.org:libx11:1.7.0:*:*:*:*:*:*:*

External links
http://seclists.org/oss-sec/2021/q2/153
http://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell PowerStore Family

Multiple vulnerabilities in Dell EMC VxRail Appliance

Multiple vulnerabilities in Juniper Networks Contrail Networking

Multiple vulnerabilities in OpenShift Virtualization

Multiple vulnerabilities in OpenShift Container Platform 4.11

Multiple vulnerabilities in Dell EMC Unity

Red Hat Enterprise Linux 8 update for libX11

Multiple vulnerabilities in Red Hat Advanced Cluster Management for Kubernetes

Multiple vulnerabilities in Red Hat Virtualization

CentOS 7 update for libX11