Undersize RTree blobs in a maliciously-constructed SQLite3 database file
may allow buffer-overreads, un-initialized data use, or possibly other
According to that discussion the bug is not reproducible in SQLite >=3.17.0.
SQLite 3.17.0 is already stable.
> bug is not reproducible in SQLite >=3.17.0.
"The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact."
Ok. So as you say.
Created attachment 485076 [details, diff]
@maintainers, please clean the vulnerable versions.
Old versions deleted.