> The worst outcome is denial-of-service. Not necessarily. A use-after-free bug could be exploited if the attacker can influence the program to allocate memory with interesting data at the same address as the just-freed data. An uninitialized-pointer bug could be exploited if the attacker can influence the value of the pointer, or if he can predict the value of the pointer and influence the program to place interesting data at that address. This is strongly dependent on architecture, configuration, and other circumstances, usually requires other bugs, and takes much more effort than running SQLite through a fuzzer. But it cannot be ruled out completely.