CVE-2025-13837

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
PSFCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Debian logo
Debian Releases
Debian Product
Codename
python3.11
bookworm
vulnerable
bookworm (security)
vulnerable
python3.13
trixie
vulnerable
forky
vulnerable
sid
vulnerable
python3.14
forky
vulnerable
sid
vulnerable
python3.9
bullseye
vulnerable
bullseye (security)
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python2.7
questing
dne
plucky
dne
noble
dne
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
needs-triage
python3.4
questing
dne
plucky
dne
noble
dne
jammy
dne
trusty
needs-triage
python3.5
questing
dne
plucky
dne
noble
dne
jammy
dne
xenial
needs-triage
trusty
needs-triage
python3.6
questing
dne
plucky
dne
noble
dne
jammy
dne
bionic
needs-triage
python3.7
questing
dne
plucky
dne
noble
dne
jammy
dne
bionic
needs-triage
python3.8
questing
dne
plucky
dne
noble
dne
jammy
dne
focal
needs-triage
bionic
needs-triage
python3.9
questing
dne
plucky
dne
noble
dne
jammy
dne
focal
needs-triage
python3.10
questing
dne
plucky
dne
noble
dne
jammy
needs-triage
python3.11
questing
dne
plucky
dne
noble
dne
jammy
needs-triage
python3.12
questing
dne
plucky
dne
noble
needs-triage
jammy
dne
python3.13
questing
needs-triage
plucky
needs-triage
noble
dne
jammy
dne
python3.14
questing
needs-triage
plucky
dne
noble
dne
jammy
dne
Vulnerability Media Exposure
References
https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70
https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba
https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb
https://github.com/python/cpython/issues/119342
https://github.com/python/cpython/pull/119343
https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/