CVE-2025-71316

Severity CVSS v4.0:
CRITICAL
Type:
Unavailable / Other
Publication date:
04/06/2026
Last modified:
05/06/2026

Description

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being misinterpreted as command line options. Fixed on or around 2025-12-26.