
CVSS: 9.8 • EPSS: 2% • CPEs: 3 • EXPL: 4

21 May 2021 — LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests a... • https://packetstorm.news/files/id/162737 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')