CVE-2015-3416

EPSS 7.7%

sqlite3 - security update

Published: 4/24/2015Modified: 4/28/2026

Also known as:DEBIAN-CVE-2015-3416

Description

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.

Affected packages (2)

Debian/sqlite3from 0, < 3.8.9-1
Debian/sqlite3from 0, < 3.7.13-1+deb7u2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3416