CVE-2007-5585
EPSS 0.35%xscreensaver - authentication bypass
Published: 10/19/2007Modified: 4/28/2026
Description
xscreensaver 5.03 and earlier, when running without xscreensaver-gl-extras (GL extras) installed, crashes when /usr/bin/xscreensaver-gl-helper does not exist and a user attempts to unlock the screen, which allows attackers with physical access to gain access to the locked session.
Affected packages (2)
- Debian/xscreensaverfrom 0, < 5.03-3.1
- Debian/xscreensaverfrom 0, < 5.03-2+lenny1