Description
xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.
References (6)
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2011-2187
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187
Third Party Advisory x_refsource_misc
https://access.redhat.com/security/cve/cve-2011-2187
Exploit, Third Party Advisory x_refsource_misc
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://www.openwall.com/lists/oss-security/2011/06/06/17
Release Notes, Vendor Advisory x_refsource_misc
https://www.jwz.org/xscreensaver/changelog.html
Scores
CVSS v3
7.8
EPSS
0.0048
EPSS Percentile
38.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (4)
debian/debian_linux
8.0
debian/debian_linux
9.0
debian/debian_linux
10.0
xscreensaver_project/xscreensaver
< 5.14
Published
Nov 27, 2019
Tracked Since
Feb 18, 2026