CVE-2007-5585: Xscreensaver vulnerability

CWE-399 | 5 documents | 5 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 0.3% (top 42.67%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 19
Latest update: May 1

Description

xscreensaver 5.03 and earlier, when running without xscreensaver-gl-extras (GL extras) installed, crashes when /usr/bin/xscreensaver-gl-helper does not exist and a user attempts to unlock the screen, which allows attackers with physical access to gain access to the locked session.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (3 packages)

debian: debian/xscreensaver < xscreensaver 5.03-3.1 (bookworm)
Debian: xscreensaver/xscreensaver < 5.03-3.1+3

🔴 Vulnerability Details (2)

GHSA
GHSA-8v57-3pf3-74jp: xscreensaver 5 (2022-05-01)
OSV
CVE-2007-5585: xscreensaver 5 (2007-10-19)

📋 Vendor Advisories (1)

Debian
CVE-2007-5585: xscreensaver - xscreensaver 5.03 and earlier, when running without xscreensaver-gl-extras (GL e... (2007)

💬 Community (1)

Bugzilla
CVE-2007-5585 password prompt crashes by gl hacks without gl helper (2007-10-17)