CVE-2025-71316
CRITICAL NVDCVSS Score
9.8
Severity
CRITICAL
Source
NVD
Published
Jun 04, 2026
Description
SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being misinterpreted as command line options. Fixed on or around 2025-12-26.