CVE-2007-5585

NameCVE-2007-5585
Descriptionxscreensaver 5.03 and earlier, when running without xscreensaver-gl-extras (GL extras) installed, crashes when /usr/bin/xscreensaver-gl-helper does not exist and a user attempts to unlock the screen, which allows attackers with physical access to gain access to the locked session.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDTSA-83-1
Debian Bugs448157

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xscreensaver (PTS)bullseye5.45+dfsg1-2fixed
bookworm6.06+dfsg1-3+deb12u1fixed
sid, trixie6.08+dfsg1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xscreensaversourcesarge(not affected)
xscreensaversourceetch(not affected)
xscreensaversourcelenny5.03-2+lenny1DTSA-83-1
xscreensaversource(unstable)5.03-3.1medium448157

Notes

[etch] - xscreensaver <not-affected> (Vulnerable code not present)
[sarge] - xscreensaver <not-affected> (Vulnerable code not present)
Search for package or bug name: Reporting problems