CVE-2025-7709
Published: September 9, 2025
Last modified: September 19, 2025
Description
An integer overflow exists in the FTS5 extension (https://sqlite.org/fts5.html). It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds.
Notes
23-lts is not affected as the bug was in a later version.
Status
Product | Release | Package | Status |
---|---|---|---|
Alpaquita Linux | 25 LTS | sqlite | Vulnerable (3.49.2-r0) |
Alpaquita Linux | Stream | sqlite | Fixed (3.50.3-r0) |
Hardened Containers | Stream | sqlite | Fixed (3.50.3-r0) |