Sure, but I very frequently parse PDFs and JPEGs from untrusted sources, but alm... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		eli on Dec 15, 2018 \| parent \| context \| favorite \| on: Remote code execution vulnerability in SQLite Sure, but I very frequently parse PDFs and JPEGs from untrusted sources, but almost never open untrusted .sqlite files. (This is still a serious security vulnerability)

tptacek on Dec 15, 2018 | [–]

It's an RCE in Chrome.

eli on Dec 15, 2018 | | [–]

Ok I see your point

armitron on Dec 15, 2018 | | | [–]

Risk is transitive.

pedrocr on Dec 15, 2018 | [–]

> but almost never open untrusted .sqlite files

You may not notice that you do when apps use sqlite as their file format:

https://www.sqlite.org/appfileformat.html

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact