GHSA-gxv8-whj6-g59fCriticalCVSS 9.8

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts...

Published
June 4, 2026
Last Modified
June 4, 2026

🔗 CVE IDs covered (1)

📋 Description

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being misinterpreted as command line options. Fixed on or around 2025-12-26.

🔗 References (7)