Vulnerability in SQLite DBMS

A vulnerability (CVE-2019-5018) has been identified in the SQLite DBMS that allows an attacker to execute their own code on the system if they can get an attacker-prepared SQL query executed. The problem is caused by an error in the implementation of window functions and is present starting from the SQLite 3.26 branch. The vulnerability was fixed in the April release, SQLite 3.28, without any explicit mention of a security fix.

A specially crafted SQL SELECT query can cause an already freed memory area to be accessed (use-after-free), which can potentially be used to build an exploit that executes code in the context of the application using SQLite. The vulnerability can be exploited if the application allows SQL constructs supplied from outside to be passed to SQLite.

For example, a potential attack could target the Chrome browser and applications using the Chromium engine, since the WebSQL API is implemented on top of SQLite and calls this DBMS to process SQL queries from web applications. To carry out an attack, it is enough to create a page with malicious JavaScript code and get the user to open it in a browser based on the Chromium engine.
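A quick way to check exposure, added here as an example and not taken from the original article: the script below asks the SQLite library loaded into the current process for its version and tests it, along with a constructed sample inventory, against the range the article gives. It assumes "starting from the 3.26 branch, fixed in 3.28" means 3.26.0 <= version < 3.28.0; the function names are illustrative.

```python
import sqlite3

# Affected range as stated in the article: introduced in the 3.26 branch,
# fixed in 3.28. Assumption: this means 3.26.0 <= version < 3.28.0.
FIRST_AFFECTED = (3, 26, 0)
FIRST_FIXED = (3, 28, 0)


def parse_version(text):
    """Turn '3.27.2' or '3.8.11.1' into a comparable tuple of ints."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised SQLite version: {text!r}")
    nums = [int(p) for p in parts]
    # Pad to three components so '3.26' compares equal to '3.26.0'.
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def is_affected(version_text):
    """True if the version lies in the article's range for CVE-2019-5018."""
    return FIRST_AFFECTED <= parse_version(version_text) < FIRST_FIXED


def runtime_sqlite_version():
    """Ask the SQLite library actually loaded by this process for its version."""
    conn = sqlite3.connect(":memory:")
    try:
        return conn.execute("SELECT sqlite_version()").fetchone()[0]
    finally:
        conn.close()


def audit(versions):
    """Map each version string to 'affected' or 'not affected'."""
    return {v: "affected" if is_affected(v) else "not affected" for v in versions}


if __name__ == "__main__":
    linked = runtime_sqlite_version()
    print(f"linked SQLite {linked}: {audit([linked])[linked]}")
    # Constructed sample inventory, e.g. versions collected from deployed hosts.
    for ver, status in audit(["3.25.3", "3.26.0", "3.27.2", "3.28.0"]).items():
        print(f"{ver}: {status}")
```

Applications that bundle their own copy of SQLite, as Chromium does, must be checked through that application's own build, since the system library version says nothing about the embedded one.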

Source: opennet.ru
