CVE-2006-3668

2006-07-1800:00:00

ubuntu.com

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.027 Low

EPSS

Percentile

90.4%

JSON

Heap-based buffer overflow in the it_read_envelope function in Dynamic
Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of
20060716, including libdumb, allows user-assisted attackers to execute
arbitrary code via a “.it” (Impulse Tracker) file with an envelope with a
large number of nodes.

OSVersionArchitecturePackageVersionFilename
ubuntu6.10noarchlibdumb< 0.9.3-5UNKNOWN
ubuntu7.04noarchlibdumb< 0.9.3-5UNKNOWN
ubuntu7.10noarchlibdumb< 0.9.3-5UNKNOWN
ubuntu8.04noarchlibdumb< 0.9.3-5UNKNOWN
ubuntu8.10noarchlibdumb< 0.9.3-5UNKNOWN
ubuntu9.04noarchlibdumb< 0.9.3-5UNKNOWN
ubuntu9.10noarchlibdumb< 0.9.3-5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.10	noarch	libdumb	< 0.9.3-5	UNKNOWN
ubuntu	7.04	noarch	libdumb	< 0.9.3-5	UNKNOWN
ubuntu	7.10	noarch	libdumb	< 0.9.3-5	UNKNOWN
ubuntu	8.04	noarch	libdumb	< 0.9.3-5	UNKNOWN
ubuntu	8.10	noarch	libdumb	< 0.9.3-5	UNKNOWN
ubuntu	9.04	noarch	libdumb	< 0.9.3-5	UNKNOWN
ubuntu	9.10	noarch	libdumb	< 0.9.3-5	UNKNOWN