In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
Gentoo Linux Security Advisory 202007-26 - Multiple vulnerabilities have been found in SQLite, the worst of which could result in the arbitrary execution of code. Versions less than 3.32.3 are affected.