Description
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
Remediation
References
Related Vulnerabilities
Nginx Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2016-1247)
Java Denial of Service (DoS) Vulnerability (CVE-2018-11212)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5629)
WordPress Plugin Rencontre-Dating Site Multiple Vulnerabilities (3.1.2)