CVE-2025-7709

MEDIUM

SQLite FTS5 3.49.1-3.50 - Integer Overflow in Tombstone Pointer Array

Title source: llm

Description

An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds.

References (3)

Core 3

Core References

Mailing List

http://www.openwall.com/lists/oss-security/2025/09/06/2

Vendor Advisory

https://github.com/google/security-research/security/advisories/GHSA-v2c8-vqqp-hv3g

Mailing List

http://www.openwall.com/lists/oss-security/2025/11/18/10

Scores

CVSS v4 6.9

EPSS 0.0032

EPSS Percentile 23.7%

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-190

Status published

Products (1)

SQLite/FTS5 3.49.1 < 3.50

Published Sep 08, 2025

Tracked Since Feb 18, 2026