CVE-2016-10894

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-10894

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10894.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-10894

Related

Published

2019-08-16T03:15:11Z

Modified

2024-11-21T02:45:00Z

Severity

4.6 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger).

References

Affected packages

Debian:11 / xtrlock

Package

Name: xtrlock
Purl: pkg:deb/debian/xtrlock?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.12

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / xtrlock

Package

Name: xtrlock
Purl: pkg:deb/debian/xtrlock?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.12

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / xtrlock

Package

Name: xtrlock
Purl: pkg:deb/debian/xtrlock?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.12

Ecosystem specific

{
    "urgency": "not yet assigned"
}