CVE-2025-7709

EUVD-2025-27137
An integer overflow exists in the  FTS5 https://sqlite.org/fts5.html  extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Debian logo
Debian Releases
Debian Product
Codename
sqlite3
bookworm
no-dsa
bullseye
3.34.1-3
fixed
bullseye (security)
3.34.1-3+deb11u1
fixed
forky
3.46.1-9
fixed
sid
3.46.1-9
fixed
trixie
3.46.1-7+deb13u1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libsqlite3-0
suse enterprise desktop 15 SP7
3.51.3-150000.3.39.1
fixed
suse enterprise sap 15 SP7
3.51.3-150000.3.39.1
fixed
suse enterprise server 12 SP3
3.51.3-9.47.1
fixed
suse enterprise server 15 SP4
3.51.3-150000.3.39.1
fixed
suse enterprise server 15 SP7
3.51.3-150000.3.39.1
fixed
libsqlite3-0-32bit
suse enterprise desktop 15 SP7
3.51.3-150000.3.39.1
fixed
suse enterprise sap 15 SP7
3.51.3-150000.3.39.1
fixed
suse enterprise server 12 SP3
3.51.3-9.47.1
fixed
suse enterprise server 15 SP4
3.51.3-150000.3.39.1
fixed
suse enterprise server 15 SP7
3.51.3-150000.3.39.1
fixed
sqlite3
suse enterprise desktop 15 SP7
3.51.3-150000.3.39.1
fixed
suse enterprise sap 15 SP7
3.51.3-150000.3.39.1
fixed
suse enterprise server 12 SP3
3.51.3-9.47.1
fixed
suse enterprise server 15 SP4
3.51.3-150000.3.39.1
fixed
suse enterprise server 15 SP7
3.51.3-150000.3.39.1
fixed
sqlite3-devel
suse enterprise desktop 15 SP7
3.51.3-150000.3.39.1
fixed
suse enterprise sap 15 SP7
3.51.3-150000.3.39.1
fixed
suse enterprise server 12 SP3
3.51.3-9.47.1
fixed
suse enterprise server 15 SP4
3.51.3-150000.3.39.1
fixed
suse enterprise server 15 SP7
3.51.3-150000.3.39.1
fixed
sqlite3-tcl
suse enterprise desktop 15 SP7
3.51.3-150000.3.39.1
fixed
suse enterprise sap 15 SP7
3.51.3-150000.3.39.1
fixed
suse enterprise server 12 SP3
3.51.3-9.47.1
fixed
suse enterprise server 15 SP4
3.51.3-150000.3.39.1
fixed
suse enterprise server 15 SP7
3.51.3-150000.3.39.1
fixed
Common Weakness Enumeration
References
https://github.com/google/security-research/security/advisories/GHSA-v2c8-vqqp-hv3g
http://www.openwall.com/lists/oss-security/2025/09/06/2
http://www.openwall.com/lists/oss-security/2025/11/18/10