Internet Explorer is no longer supported. Many things will still work, but your experience will be degraded and some things won't function. Please use a modern browser such as Edge, Chrome, or Firefox.

PGV-255532C - USN-7676-1 -- SQLite vulnerability

Disclosed on July 28, 2025 (updated June 27, 2026)

Vulnerability Overview

PGV-255532C is a category 3 vulnerabilty that affects the following packages:

  • lemon, versions < 0:3.46.1-3ubuntu0.2
  • libsqlite3-0, versions < 0:3.46.1-3ubuntu0.2
  • libsqlite3-dev, versions < 0:3.46.1-3ubuntu0.2
  • libsqlite3-ext-csv, versions < 0:3.46.1-3ubuntu0.2
  • libsqlite3-ext-icu, versions < 0:3.46.1-3ubuntu0.2
  • libsqlite3-tcl, versions < 0:3.46.1-3ubuntu0.2
  • sqlite3, versions < 0:3.46.1-3ubuntu0.2
  • sqlite3-doc, versions < 0:3.46.1-3ubuntu0.2
  • sqlite3-tools, versions < 0:3.46.1-3ubuntu0.2

Risk Assessment

The risk assessment shows that this vulnerability is exlpoited by a rogue user. A legitimate user who abuses authorized access to exploit this vulnerability.

The impact is an environmental compromise. Exploitation can escape the application boundary and impact the host environment, infrastructure, or other services.

The threat damage is caused by a denial of service (limited). Exploitation can degrade or intermittently disrupt application availability without causing a full outage.is caused by a data breach (limited). Exploitation does not provide access to data beyond what the user is already authorized to access.is caused by data tampering. Exploitation can result in modification of any data (authorized or not) within the system.

Vulnerability Details

It was discovered that SQLite incorrectly handled certain numbers of aggregate terms. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run sudo pro fix USN-7676-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lemon - 3.46.1-3ubuntu0.2 libsqlite3-0 - 3.46.1-3ubuntu0.2 libsqlite3-dev - 3.46.1-3ubuntu0.2 libsqlite3-ext-csv - 3.46.1-3ubuntu0.2 libsqlite3-ext-icu - 3.46.1-3ubuntu0.2 libsqlite3-tcl - 3.46.1-3ubuntu0.2 sqlite3 - 3.46.1-3ubuntu0.2 sqlite3-doc - 3.46.1-3ubuntu0.2 sqlite3-tools - 3.46.1-3ubuntu0.2 No subscription required

Common Weakness Enumerations

  • CWE-197 - Numeric Truncation Error
Your Risk Profile
Network Exposure
External
Accessable from the public internet
Access Interface
WebBrowser
Primarily web-based applications
Service Outage
Disruptive
Operations would be impacted
Data Breach
Disruptive
Operations would be impacted
Data Tampering
Disruptive
Operations would be impacted
Customize
Additional Identifiers
  • CVE-2025-6965
  • oval:com.ubuntu.plucky:def:76761000000