PT-2006-1013 · Dumb+1

Luigi Auriemma · Published 2006-07-17 · Updated 2024-06-15 · CVE-2006-3668

CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: DUMB versions 0.9.3 and earlier; libdumb (affected versions not specified)
Description: The issue is a heap-based buffer overflow in the `it_read_envelope` function. User-assisted attackers can exploit it via a ".it" (Impulse Tracker) file with an envelope containing a large number of nodes, potentially allowing the execution of arbitrary code. Additionally, multiple vulnerabilities in the libdumb package may lead to disruptions in confidentiality, integrity, and availability of protected information, with possible remote exploitation.
Recommendations: For DUMB versions 0.9.3 and earlier: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For libdumb: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Weakness Enumeration

Related identifiers

BDU:2015-02977
CVE-2006-3668
DSA-1123
OPENSUSE-SU-2024:10729-1

Affected products

Dumb
Libdumb