CVE-2025-7709

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-7709

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7709.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-7709

Aliases

GHSA-v2c8-vqqp-hv3g

Downstream

BELL-CVE-2025-7709

DEBIAN-CVE-2025-7709

ECHO-37b8-7d67-9685

ROOT-OS-DEBIAN-12-CVE-2025-7709

ROOT-OS-DEBIAN-13-CVE-2025-7709

SUSE-SU-2026:0395-1

UBUNTU-CVE-2025-7709

USN-7751-1

Related

SUSE-SU-2026:0395-1

Published

2025-09-08T15:15:38Z

Modified

2026-02-07T13:58:52.378822Z

Summary

[none]

Details

An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds.

References

https://github.com/google/security-research/security/advisories/GHSA-v2c8-vqqp-hv3g

Affected packages