CVE-2006-3668
Published 2006-07-18
Priority P339 high · 7.6 CVSS 2.0 · AV:N/AC:H/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 9.94% (95.0th percentile)
Heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of 20060716, including libdumb, allows user-assisted attackers to execute arbitrary code via a ".it" (Impulse Tracker) file with an envelope with a large number of nodes.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libdumb | < libdumb 1:0.9.3-5 (bookworm) | libdumb 1:0.9.3-5 (bookworm) |
| dynamic_universal_music_bibliotheque | dumb | <= 0.9.3 | — |
CVSS provenance
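| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| osv | — | 7.6 | HIGH | — |
| vendor_debian | — | 7.6 | MEDIUM | — |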
GHSA
GHSA-w57g-v53q-xw44 · ghsa_unreviewed · 2022-05-01
CVE-2006-3668 [HIGH] CWE-119
OSV
CVE-2006-3668 [HIGH] · osv · 2006-07-18 · CVSS 7.6
Debian
CVE-2006-3668 [HIGH]: libdumb · vendor_debian · 2006 · CVSS 7.6
Scope: local
bookworm: resolved (fixed in 1:0.9.3-5)
bullseye: resolved (fixed in 1:0.9.3-5)
forky: resolved (fixed in 1:0.9.3-5)
sid: resolved (fixed in 1:0.9.3-5)
trixie: resolved (fixed in 1:0.9.3-5)
No detection rules found.
References
http://aluigi.altervista.org/adv/dumbit-adv.txt
http://secunia.com/advisories/21092
http://secunia.com/advisories/21184
http://secunia.com/advisories/21416
http://securityreason.com/securityalert/1240
http://www.debian.org/security/2006/dsa-1123
http://www.gentoo.org/security/en/glsa/glsa-200608-14.xml
http://www.securityfocus.com/bid/19025
http://www.vupen.com/english/advisories/2006/2835
https://exchange.xforce.ibmcloud.com/vulnerabilities/27789