by gungoman 3156 days ago
Penetration testers will have a field day with this if it happens.
2 comments

Pen-testers have been hammering hard on SQLite for years. Attacks against SQLite are not as easy as you imagine.

Pen-testers do still occasionally find minor problems. See https://www.sqlite.org/src/info/04925dee41a21ffc for the latest example. But generally speaking, it is safe to open an SQLite database received from an untrusted source. If you are extra paranoid, activate the "PRAGMA cell_size_check=ON" feature and/or run "PRAGMA integrity_check" to verify the database before use.
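
The check described in the comment above, as an added example that is not part of the original thread or SQLite's own code: it opens the file read-only, turns on cell_size_check, and runs integrity_check before anything else touches the data. The function names, the sample table and the deliberate page overwrite are constructed for illustration.

```python
import os
import sqlite3
import tempfile
from pathlib import Path
from urllib.parse import quote


def verify_untrusted_db(path):
    """Return (ok, problems) for the SQLite file at `path`, without modifying it."""
    # mode=ro: never create or write to the file being inspected.
    uri = "file:" + quote(str(Path(path).resolve())) + "?mode=ro"
    try:
        con = sqlite3.connect(uri, uri=True)
    except sqlite3.Error as exc:
        return False, [f"open failed: {exc}"]
    try:
        # Extra b-tree cell sanity checks, as suggested in the comment.
        con.execute("PRAGMA cell_size_check=ON")
        rows = con.execute("PRAGMA integrity_check").fetchall()
    except sqlite3.Error as exc:
        # Damage severe enough that SQLite refuses to read the file at all.
        return False, [f"rejected: {exc}"]
    finally:
        con.close()
    problems = [r[0] for r in rows if r[0] != "ok"]
    return not problems, problems


def demo():
    """Build a constructed sample database, damage a copy, verify both."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "good.db")
        bad = os.path.join(tmp, "bad.db")
        con = sqlite3.connect(good)
        con.execute("CREATE TABLE t(id INTEGER PRIMARY KEY, v TEXT)")
        con.executemany("INSERT INTO t(v) VALUES (?)", [("x" * 200,)] * 500)
        con.commit()
        page_size = con.execute("PRAGMA page_size").fetchone()[0]
        con.close()
        # Constructed corruption: overwrite page 2 (table t's root page in a
        # default build) with 0xFF bytes.
        data = bytearray(Path(good).read_bytes())
        data[page_size:2 * page_size] = b"\xff" * page_size
        Path(bad).write_bytes(data)
        return verify_untrusted_db(good), verify_untrusted_db(bad)


if __name__ == "__main__":
    print(demo())
```

Treat any result other than a single "ok" row as a reason to reject the file rather than attempt to read from it.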

Why? SQLite has been put in safety critical systems and has the best test plan I've ever seen for an open source project.
It has the best test plan I've seen for any pure software product, and I'm including both medical and safety critical stuff.