PT-2025-36479 · Sqlite+3 · Sqlite Fts5+3

Scryh · Published 2025-01-01 · Updated 2026-04-10 · CVE-2025-7709

CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L
Name of the Vulnerable Software and Affected Versions: SQLite FTS5 extension (affected versions not specified)
Description: An integer overflow exists in the FTS5 extension. The issue occurs when calculating the size of an array of tombstone pointers, leading to truncation into a 32-bit integer. This allows writing a pointer to partially controlled data out of bounds.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Integer Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-7709
ECHO-37B8-7D67-9685
GHSA-V2C8-VQQP-HV3G
OPENSUSE-SU-2026:10171-1
OPENSUSE-SU-2026:20513-1
SUSE-SU-2026:0395-1
SUSE-SU-2026:0432-1
SUSE-SU-2026:0955-1
SUSE-SU-2026:1065-1
SUSE-SU-2026:20771-1
SUSE-SU-2026:20794-1
SUSE-SU-2026:21095-1
SUSE-SU-2026:21173-1
USN-7751-1

Affected Products

Debian
Linuxmint
Sqlite Fts5
Ubuntu