Description
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
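The bug class described above, as an added C illustration that is not SQLite's printf.c code: a size check done in 32-bit arithmetic on caller-supplied precision and width wraps around and wrongly approves a fixed stack buffer, while the 64-bit check does not. The function names, buffer size and safety margin are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

#define FMT_STACK_BUF 64   /* assumed size of the formatter's on-stack scratch buffer */
#define FMT_MARGIN    16   /* assumed room for sign, decimal point, exponent, NUL */

/* Model of 32-bit signed addition that wraps; real signed overflow is undefined
 * behaviour in C, so the wrap is made explicit through unsigned arithmetic. */
static int wrap_add(int a, int b) {
    return (int)((uint32_t)a + (uint32_t)b);
}

/* Unsafe: sizes the float conversion with 32-bit arithmetic on caller-supplied
 * values. Returns 1 if the formatter would keep writing into the stack buffer. */
int uses_stack_buf_unsafe(int exponent, int precision, int width) {
    int digits = exponent > 0 ? exponent : 0;
    int need = wrap_add(wrap_add(digits, precision), width);
    return need <= FMT_STACK_BUF - FMT_MARGIN;
}

/* Hardened: reject negative values, then add in 64 bits so the sum cannot wrap.
 * Returns 0 when the output must go to a heap buffer or be refused. */
int uses_stack_buf_safe(int exponent, int precision, int width) {
    if (precision < 0 || width < 0) return 0;
    int64_t need = (int64_t)(exponent > 0 ? exponent : 0) + precision + width;
    return need <= FMT_STACK_BUF - FMT_MARGIN;
}

int main(void) {
    /* Constructed inputs: {exponent, precision, width} */
    int cases[][3] = { {2, 6, 10}, {2, 2147483647, 2147483647}, {300, 6, 0} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int *c = cases[i];
        printf("exp=%d prec=%d width=%d unsafe=%d safe=%d\n", c[0], c[1], c[2],
               uses_stack_buf_unsafe(c[0], c[1], c[2]),
               uses_stack_buf_safe(c[0], c[1], c[2]));
    }
    return 0;
}
```

In the second constructed case the 32-bit sum wraps to 0, so the unsafe check approves the stack buffer for an output that needs several gigabytes.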
Remediation
References
Related Vulnerabilities
phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2009-1151)
WordPress Plugin PowerPack Lite for Beaver Builder Cross-Site Scripting (1.3.0.4)
WordPress Plugin About Me Page Cross-Site Scripting (4.0)
WordPress Plugin Welcart e-Commerce PHP Object Injection (1.9.35)
LimeSurvey Incorrect Default Permissions Vulnerability (CVE-2019-16183)