The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libsqlite3-tcl-dbgsym": "3.8.2-1ubuntu2.1", "lemon-dbgsym": "3.8.2-1ubuntu2.1", "libsqlite3-0-dbg": "3.8.2-1ubuntu2.1", "libsqlite3-0-dbgsym": "3.8.2-1ubuntu2.1", "sqlite3-dbgsym": "3.8.2-1ubuntu2.1", "libsqlite3-tcl": "3.8.2-1ubuntu2.1", "libsqlite3-dev-dbgsym": "3.8.2-1ubuntu2.1", "libsqlite3-0": "3.8.2-1ubuntu2.1", "libsqlite3-dev": "3.8.2-1ubuntu2.1", "sqlite3-doc": "3.8.2-1ubuntu2.1", "sqlite3": "3.8.2-1ubuntu2.1", "lemon": "3.8.2-1ubuntu2.1" } ] }