CVE-2006-3668

Name: CVE-2006-3668
Creator: NVD / NIST
Published: 2006-07-18T15:47:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 9.94%

Last modified Jun 16, 2026

CVE-2006-3668 is a vulnerability of currently unknown severity. Heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of 20060716, including libdumb, allows user-assisted attackers to execute arbitrary code via a ".it" (Impulse Tracker) file with an envelope with a large number of nodes.. EPSS estimates a 9.94% chance of exploitation in the next 30 days.

Description

Heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of 20060716, including libdumb, allows user-assisted attackers to execute arbitrary code via a ".it" (Impulse Tracker) file with an envelope with a large number of nodes.

Metrics

EPSS Probability

9.94%

95.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Dynamic Universal Music Bibliotheque	Dumb	<= 0.9.3

References

Timeline

Published: Jul 18, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-3668?

How severe is CVE-2006-3668?

Severity scoring for CVE-2006-3668 is pending analysis. The EPSS model estimates a 9.94% probability of exploitation in the next 30 days.

How do I fix CVE-2006-3668?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-3668?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST