CVE-2006-3668

Exploit

EPSS 17.9%
Veröffentlicht 18.07.2006 15:47:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of 20060716, including libdumb, allows user-assisted attackers to execute arbitrary code via a ".it" (Impulse Tracker) file with an envelope with a large number of nodes.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dynamic Universal Music Bibliotheque ≫ Dumb Version <= 0.9.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	17.9%	0.946

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.6	4.9	10	AV:N/AC:H/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://aluigi.altervista.org/adv/dumbit-adv.txt

Exploit

http://secunia.com/advisories/21092

Vendor Advisory

http://secunia.com/advisories/21184

http://secunia.com/advisories/21416

Vendor Advisory

http://securityreason.com/securityalert/1240

http://www.debian.org/security/2006/dsa-1123

http://www.gentoo.org/security/en/glsa/glsa-200608-14.xml

http://www.securityfocus.com/bid/19025

http://www.vupen.com/english/advisories/2006/2835