CRITICAL
SQLite
CVE published 2026-06-04
CVE-2025-71316
A critical vulnerability (CVSS Score: 9.2) was disclosed in SQLite 'sqldiff.exe' on 2026-06-04. The vulnerability occurs because 'sqldiff.exe' does not securely handle the conversion of Unicode characters to ANSI codepages by the Microsoft Windows C runtime. This allows an attacker to use the '-L' option to load an arbitrary DLL with a crafted command line argument string, resulting in command line file a [truncated]