CVE-2025-7709: Out Of Bounds write in FTS5 Extension in SQLite
An integer overflow exists in the FTS5 extension (https://sqlite.org/fts5.html). It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds.
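The size truncation described above, shown as a stand-alone C illustration next to a checked version. This is an added example, not SQLite's source or its patch; the function names, the 8-byte slot size and the slot counts are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define SLOT_SIZE 8  /* assumed: one pointer per slot on a 64-bit build */

/* Flawed pattern: 64-bit byte count narrowed to 32 bits for the allocator. */
uint32_t bytes_truncated(int64_t nSlot) {
    uint64_t nByte = (uint64_t)nSlot * SLOT_SIZE;
    return (uint32_t)nByte;          /* bits 32..63 are dropped */
}

/* Slots the caller will index beyond what the truncated allocation holds. */
int64_t slots_past_end(int64_t nSlot) {
    return nSlot - (int64_t)(bytes_truncated(nSlot) / SLOT_SIZE);
}

/* Hardened pattern: validate the count before multiplying, so the byte
 * size is known to fit the allocator's 32-bit argument. Returns 0 on
 * success, -1 when the request must be rejected. */
int bytes_checked(int64_t nSlot, uint32_t *pnByte) {
    if (nSlot <= 0 || nSlot > INT32_MAX / SLOT_SIZE) return -1;
    *pnByte = (uint32_t)(nSlot * SLOT_SIZE);
    return 0;
}

int main(void) {
    const int64_t counts[] = { 4, 0x20000001 };  /* constructed inputs */
    for (int i = 0; i < 2; i++) {
        uint32_t n = 0;
        int rc = bytes_checked(counts[i], &n);
        printf("nSlot=%lld truncated=%u past_end=%lld checked=%s\n",
               (long long)counts[i], (unsigned)bytes_truncated(counts[i]),
               (long long)slots_past_end(counts[i]), rc ? "rejected" : "ok");
    }
    return 0;
}
```

With the second constructed count, the truncated size covers a single slot while the caller still believes it owns the full array, which is the mismatch that turns a later indexed store into an out-of-bounds write.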
Frequently Asked Questions
What is the severity of CVE-2025-7709?
CVE-2025-7709 is categorized with a moderate severity due to the potential for exploitation through an integer overflow in the SQLite FTS5 extension.
How do I fix CVE-2025-7709?
To fix CVE-2025-7709, users should update to the latest version of the SQLite FTS5 extension, where the vulnerability is patched.
What causes CVE-2025-7709?
CVE-2025-7709 is caused by an integer overflow occurring during the calculation of an array size for tombstone pointers.
Who is affected by CVE-2025-7709?
Users of the SQLite FTS5 extension are affected by CVE-2025-7709, especially those working with large datasets.
What are the potential impacts of CVE-2025-7709?
The potential impacts of CVE-2025-7709 include the possibility of writing out of bounds to memory, which could lead to data corruption or code execution.