The vulnerability of the XLookupColor() function in the libX11 library, which stems from insufficient input data validation, allows a malicious actor to perform denial-of-service attacks.

🗓️ 01 Jun 2021 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

XLookupColor vulnerability in the X window library allows denial of service due to insufficient input validation.

Reporter	Title	Published	Views	Family All 209
IBM Security Bulletins	Security Bulletin: LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code, affect watsonx.data	16 Jun 202505:33	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues	19 Jun 202517:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities (CVE-2020-25648, CVE-2021-31535, CVE-2021-20305, CVE-2020-25692)	8 Nov 202103:57	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security QRadar Event and Flow Exporter App is vulnerable to using components with known vulnerabilities (CVE-2021-31535, CVE-2020-17541)	16 Jun 202218:26	–	ibm
FreeBSD	libX11 -- Arbitrary code execution	11 May 202100:00	–	freebsd
Tenable Nessus	Amazon Linux 2 : libX11 (ALAS-2021-1686)	16 Jul 202100:00	–	nessus
Tenable Nessus	Amazon Linux AMI : libX11 (ALAS-2021-1517)	13 Jul 202100:00	–	nessus
Tenable Nessus	AlmaLinux 8 : libX11 (ALSA-2021:4326)	9 Feb 202200:00	–	nessus
Tenable Nessus	CentOS 8 : libX11 (CESA-2021:4326)	11 Nov 202100:00	–	nessus
Tenable Nessus	CentOS 7 : libX11 (RHSA-2021:3296)	30 Aug 202100:00	–	nessus

Vulners

Node

x.org xlib_(libx11)Range1.0.99.1–1.7.0

OR

red_hat red_hat_enterprise_linuxMatch7

OR

red_hat red_hat_enterprise_linuxMatch8

OR

canonical ubuntuMatch20.10

OR

canonical ubuntuMatch21.04

Source	Link
access	www.access.redhat.com/security/cve/cve-2021-31535
altsp	www.altsp.su/obnovleniya-bezopasnosti/
gitlab	www.gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605
redos	www.redos.red-soft.ru/updatesec/
security-tracker	www.security-tracker.debian.org/tracker/CVE-2021-31535
ubuntu	www.ubuntu.com/security/notices/USN-4966-1
ubuntu	www.ubuntu.com/security/notices/USN-4966-2
wiki	www.wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
wiki	www.wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47
wiki	www.wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81

19 Aug 2025 00:00Current

7High risk

Vulners AI Score7

CVSS 22.1

CVSS 33.3

EPSS0.10634

XLookupColor vulnerability X window library Input validation fault Denial of service