Bug 496708

Summary: Shows screenshot from 4 hours ago
Product: [Applications] Spectacle Reporter: insufficient.amphibian.ytxd
Component: GeneralAssignee: Noah Davis <noahadvs>
Status: RESOLVED WORKSFORME    
Severity: grave CC: kde, nate
Priority: NOR    
Version First Reported In: 24.08.3   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description insufficient.amphibian.ytxd 2024-11-26 15:41:51 UTC 
I have not been able to replicate this bug.

I pressed the print screen key, and Spectacle came up, and showed what should have been an image of my screen.  It wasn't an image of my current screen, it was an image of my screen from around 4 hours ago.

This is highly concerning.

It means that an image of my screen from 4 hours prior was saved somewhere on my system.  

How does Spectacle copy and save and regurgitate images from the screen?  Can it be abused or hacked?  Am I hacked, or is this a bug?

I'm running CachyOS (Arch-based) on a live disk, when this happened.
Comment 1 Nate Graham 2024-11-26 17:04:55 UTC 
Are you using X11 or Wayland?

Are you saying you had the live session going for over 4 hours?
Comment 2 Noah Davis 2024-11-26 20:05:14 UTC 
> How does Spectacle copy and save and regurgitate images from the screen?

When using KWin, Spectacle requests a screenshot from KWin. You can then use Spectacle to apply various modifications to the image, such as crops and annotations. Depending on your settings (check the settings dialog by clicking "Configure..."), it may or may not automatically save the screenshot to your screenshots folder or copy the screenshot to the clipboard. Unless you have explicitly chosen to open an existing image from 4 hours ago with the -E or --edit-existing command line options, it should be impossible to open a screenshot from 4 hours ago.

On X11 without KWin, Spectacle uses X11/XCB to get screenshots and process them in the same way as mentioned above.

> Can it be abused or hacked?

Almost anything can be abused or hacked depending on the circumstances and methods used. However, making Spectacle open a screenshot from 4 hours ago would be a strange choice for a hacker even if their only goal was to troll you.

> Am I hacked, or is this a bug?

It's probably a bug.
Comment 3 insufficient.amphibian.ytxd 2024-11-27 03:21:12 UTC 
> Almost anything can be abused or hacked depending on the circumstances and
> methods used. However, making Spectacle open a screenshot from 4 hours ago
> would be a strange choice for a hacker even if their only goal was to troll
> you.

I'm wondering if Spectacle, or Kwin, was hijacked by a hacker, and that there was a bug in the hack to make the screenshot from four hours ago show up when I pressed print screen.  I believe that somehow that image got either frozen or saved in the place where Spectacle retrieves or copies the screen from.
Comment 4 insufficient.amphibian.ytxd 2024-11-27 03:22:19 UTC 
(In reply to Nate Graham from comment #1)
> Are you using X11 or Wayland?

I believe CachyOS uses Wayland.

> Are you saying you had the live session going for over 4 hours?

Yes.
Comment 5 insufficient.amphibian.ytxd 2024-11-27 03:25:41 UTC 
> Are you using X11 or Wayland?

Sorry -- using X11.  Not Wayland.
Comment 6 Nate Graham 2025-10-30 20:41:39 UTC 
Does it reproduce on Wayland in Plasma 6.5 or later?
Comment 7 Bug Janitor Service 2025-11-14 03:48:11 UTC 
๐Ÿ›๐Ÿงน โš ๏ธ This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information, then set the bug status to REPORTED. If there is no change for at least 30 days, it will be automatically closed as RESOLVED WORKSFORME.

For more information about our bug triaging procedures, please read https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging.

Thank you for helping us make KDE software even better for everyone!
Comment 8 Bug Janitor Service 2025-11-29 03:46:24 UTC 
๐Ÿ›๐Ÿงน This bug has been in NEEDSINFO status with no change for at least 30 days. Closing as RESOLVED WORKSFORME.