Advisories » MGASA-2025-0167

Updated sqlite3 packages fix security vulnerability

Publication date: 27 May 2025
Modification date: 27 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-29088

Description

In SQLite 3.49.0 before 3.49.1, certain argument values to
sqlite3_db_config (in the C-language API) can cause a denial of service
(application crash). An sz*nBig multiplication is not cast to a 64-bit
integer, and consequently some memory allocations may be incorrect.
(CVE-2025-29088)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34217
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/DUNGXGTRJGRYS2XF6QS2CZPSWAF5HHVJ/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29088

SRPMS

9/core

• sqlite3-3.40.1-1.2.mga9