CVE-2025-7709
published 2025-09-08CVE-2025-7709: An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and…
medium6.9CVSS 4.0
AVNACHATPPRLUIAVCNVIHVALSCNSIHSALEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sqlite3 | < sqlite3 3.46.1-8 (forky) | sqlite3 3.46.1-8 (forky) |
| ghost | sqlite3 | >= 0 < 3.46.1-7+deb13u1 | 3.46.1-7+deb13u1 |
| ghost | sqlite3 | >= 0 < 3.46.1-8 | 3.46.1-8 |
| sqlite | fts5 | — | — |
CVSS provenance
nvdv4.06.9MEDIUMCVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
osv6.9MEDIUM