
CVE-2006-3668

Published: 18/07/2006 Updated: 20/07/2017
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
VMScore: 765
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

Heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier, and current CVS as of 20060716, including libdumb, allows user-assisted attackers to execute arbitrary code via a ".it" (Impulse Tracker) file with an envelope with a large number of nodes.


dynamic universal music bibliotheque dumb

Vendor Advisories

Debian Bug report logs - #379064
dumb: CVE-2006-3668: arbitrary code execution
Package: libdumb; Maintainer for libdumb is Debian Games Team <pkg-games-devel@lists.alioth.debian.org>; Reported by: Alec Berryman <alec@thened.net>
Date: Thu, 20 Jul 2006 22:48:06 UTC
Severity: serious
Tags: security
Fixed in versions l ...
Luigi Auriemma discovered that DUMB, a tracker music library, performs insufficient sanitising of values parsed from IT music files, which might lead to a buffer overflow and execution of arbitrary code if manipulated files are read. For the stable distribution (sarge) this problem has been fixed in version 0.9.2-6. For the unstable distribution (s ...

Exploits

/* by Luigi Auriemma */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#define VER "01"
#define BOF 255 // 25 < BOF < 256
#define INSTRSZ 371
#define POCNAME "proof-of-concept"

void fwi08(FILE *fd, int num);
void fwi16(FILE *fd, int num);
void fwi32( ...