CVE-2021-34557

Name of the Vulnerable Software and Affected Versions XScreenSaver version 5.45

Description The issue is related to a buffer overflow in the update screen layout() function, which can be exploited by an attacker to bypass the standard screen lock authentication mechanism. This can be achieved by crashing XScreenSaver when the machine has more than ten disconnectable video outputs, requiring the attacker to physically disconnect many video outputs. The exploitation of this issue may allow an attacker to cause a denial of service.

Recommendations For XScreenSaver version 5.45, as a temporary workaround, consider restricting the number of disconnectable video outputs to minimize the risk of exploitation. Additionally, avoid using the update screen layout() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.