CVE-2025-7709 | THREATINT

Description

An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds.

PUBLISHED Reserved 2025-07-16 | Published 2025-09-08 | Updated 2025-11-18 | Assigner Google

MEDIUM: 6.9CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L

Problem types

CWE-190 Integer Overflow or Wraparound

Product status

Default status

unaffected

3.49.1 < 3.50

affected

References

www.openwall.com/lists/oss-security/2025/09/06/2

www.openwall.com/lists/oss-security/2025/11/18/10

github.com/...search/security/advisories/GHSA-v2c8-vqqp-hv3g

cve.org (CVE-2025-7709)

nvd.nist.gov (CVE-2025-7709)

Download JSON