CVE-2025-7709: Integer Overflow or Wraparound in Fts5

Severity: 6.9 MEDIUM (NVD)
EPSS: 0.1% (top 83.04%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 8
Latest update: Sep 15

Description

An integer overflow exists in the FTS5 extension (https://sqlite.org/fts5.html). It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L

Affected Packages (2 packages)

CVEListV5: sqlite/fts5, 3.49.1 < 3.50
Debian: ghost/sqlite3, < 3.46.1-7+deb13u1+1

🔴 Vulnerability Details (2)

OSV: CVE-2025-7709: An integer overflow exists in the FTS5 https://sqlite (2025-09-08)
CVEList: Out Of Bounds write in FTS5 Extension in SQLite (2025-09-08)

📋 Vendor Advisories (2)

Ubuntu: SQLite vulnerability (2025-09-15)
Debian: CVE-2025-7709: sqlite3 - An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension.... (2025)