CVE-2006-3668
published 2006-07-18

CVE-2006-3668: Heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of 20060716…

Priority: P339, high
CVSS 2.0: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 9.94% (95.0th percentile)
Heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of 20060716, including libdumb, allows user-assisted attackers to execute arbitrary code via a ".it" (Impulse Tracker) file with an envelope with a large number of nodes.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
debian | libdumb | < libdumb 1:0.9.3-5 (bookworm) | libdumb 1:0.9.3-5 (bookworm)
dynamic_universal_music_bibliotheque | dumb | <= 0.9.3 |

CVSS provenance

nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C
osv | 7.6 | HIGH
vendor_debian | 7.6 | MEDIUM