Home

Description

An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.

PUBLISHED Reserved 2026-01-09 | Published 2026-03-12 | Updated 2026-03-12 | Assigner mitre

References

sqlite.org/forum/forumpost/761eac3c82

sqlite.org/src/info/3d459f1fb1bd1b5e

gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054

cve.org (CVE-2025-70873)

nvd.nist.gov (CVE-2025-70873)

Download JSON