First published: Thu Jun 10 2021(Updated: )
XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Xscreensaver Project Xscreensaver | =5.45 | |
Fedoraproject Fedora | =33 |
https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.