CVE-2011-2187

EUVD-2011-2178
xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Affected Products (NVD)
VendorProductVersion
xscreensaver_projectxscreensaver
𝑥
< 5.14
debiandebian_linux
8.0
debiandebian_linux
9.0
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xscreensaver
bookworm
6.06+dfsg1-3+deb12u1
fixed
bullseye
5.45+dfsg1-2
fixed
sid
6.08+dfsg1-1
fixed
squeeze
not-affected
trixie
6.08+dfsg1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xscreensaver
hardy
ignored
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/cve-2011-2187
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187
https://security-tracker.debian.org/tracker/CVE-2011-2187
https://www.jwz.org/xscreensaver/changelog.html
https://www.openwall.com/lists/oss-security/2011/06/06/17
https://access.redhat.com/security/cve/cve-2011-2187
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187
https://security-tracker.debian.org/tracker/CVE-2011-2187
https://www.jwz.org/xscreensaver/changelog.html
https://www.openwall.com/lists/oss-security/2011/06/06/17