Loading market data...
← Back to CVE feed

CVE-2025-71316

CRITICAL CVSS 9.8 View on NVD ↗

Description

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being misinterpreted as command line options. Fixed on or around 2025-12-26.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: Jun 04, 2026 19:16 UTC Modified: Jun 05, 2026 15:56 UTC