CVE-2006-3668 Information
Description
Heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of 20060716 including libdumb allows user-assisted attackers to execute arbitrary code via a .it\ (Impulse Tracker) file with an envelope with a large number of nodes.
Reference
http://aluigi.altervista.org/adv/dumbit-adv.txt http://secunia.com/advisories/21092 http://secunia.com/advisories/21184 http://secunia.com/advisories/21416 http://securityreason.com/securityalert/1240 http://www.debian.org/security/2006/dsa-1123 http://www.gentoo.org/security/en/glsa/glsa-200608-14.xml http://www.securityfocus.com/bid/19025 http://www.vupen.com/english/advisories/2006/2835 https://exchange.xforce.ibmcloud.com/vulnerabilities/27789
Share on: