CVE-2025-13837

EUVD-2025-200069
When loading a plist file, the plistlib module reads data in sizes specified by the file itself, meaning a malicious file can cause out-of-memory (OOM) and denial-of-service (DoS) issues.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| PSF | CNA | 5.5 MEDIUM | LOCAL | LOW | NONE | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |

EPSS Score
Percentile: 9%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| python | python | x < 3.13.10 |
| python | python | 3.14.0 ≤ x < 3.14.1 |
| python | python | 3.15.0:alpha1 |
| python | python | 3.15.0:alpha2 |

x = Vulnerable software versions

Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.

| Vendor | Product | Version | Source |
|---|---|---|---|
| python | cpython | x < 3.10.20 | CNA |
| python | cpython | 3.11.0 ≤ x < 3.11.15 | CNA |
| python | cpython | 3.12.0 ≤ x < 3.12.13 | CNA |
| python | cpython | 3.13.0 ≤ x < 3.13.10 | CNA |
| python | cpython | 3.14.0 ≤ x < 3.14.1 | CNA |

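Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| pypy3 | bookworm | | no-dsa |
| pypy3 | bullseye | | postponed |
| pypy3 | bullseye (security) | | vulnerable |
| pypy3 | forky | 7.3.23+dfsg-1 | fixed |
| pypy3 | sid | 7.3.23+dfsg-1 | fixed |
| pypy3 | trixie | | no-dsa |
| python3.11 | bookworm | 3.11.2-6+deb12u7 | fixed |
| python3.11 | bookworm (security) | | vulnerable |
| python3.13 | forky | 3.13.12-1 | fixed |
| python3.13 | sid | 3.13.12-1 | fixed |
| python3.13 | trixie | 3.13.5-2+deb13u2 | fixed |
| python3.14 | forky | 3.14.5-1 | fixed |
| python3.14 | sid | 3.14.5-1 | fixed |
| python3.9 | bullseye | | vulnerable |
| python3.9 | bullseye (security) | 3.9.2-1+deb11u7 | fixed |
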
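Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| python2.7 | bionic | | ignored |
| python2.7 | focal | | ignored |
| python2.7 | jammy | | ignored |
| python2.7 | noble | | dne |
| python2.7 | plucky | | dne |
| python2.7 | questing | | dne |
| python2.7 | resolute | | dne |
| python2.7 | trusty | | ignored |
| python2.7 | xenial | | ignored |
| python3.4 | jammy | | dne |
| python3.4 | noble | | dne |
| python3.4 | plucky | | dne |
| python3.4 | questing | | dne |
| python3.4 | resolute | | dne |
| python3.4 | trusty | | ignored |
| python3.5 | jammy | | dne |
| python3.5 | noble | | dne |
| python3.5 | plucky | | dne |
| python3.5 | questing | | dne |
| python3.5 | resolute | | dne |
| python3.5 | trusty | Fixed 3.5.2-2ubuntu0~16.04.4~14.04.1+esm9 | released |
| python3.5 | xenial | Fixed 3.5.2-2ubuntu0~16.04.13+esm21 | released |
| python3.6 | bionic | Fixed 3.6.9-1~18.04ubuntu1.13+esm8 | released |
| python3.6 | jammy | | dne |
| python3.6 | noble | | dne |
| python3.6 | plucky | | dne |
| python3.6 | questing | | dne |
| python3.6 | resolute | | dne |
| python3.7 | bionic | Fixed 3.7.5-2ubuntu1~18.04.2+esm9 | released |
| python3.7 | jammy | | dne |
| python3.7 | noble | | dne |
| python3.7 | plucky | | dne |
| python3.7 | questing | | dne |
| python3.7 | resolute | | dne |
| python3.8 | bionic | Fixed 3.8.0-3ubuntu1~18.04.2+esm9 | released |
| python3.8 | focal | Fixed 3.8.10-0ubuntu1~20.04.18+esm5 | released |
| python3.8 | jammy | | dne |
| python3.8 | noble | | dne |
| python3.8 | plucky | | dne |
| python3.8 | questing | | dne |
| python3.8 | resolute | | dne |
| python3.9 | focal | Fixed 3.9.5-3ubuntu0~20.04.1+esm9 | released |
| python3.9 | jammy | | dne |
| python3.9 | noble | | dne |
| python3.9 | plucky | | dne |
| python3.9 | questing | | dne |
| python3.9 | resolute | | dne |
| python3.10 | jammy | Fixed 3.10.12-1~22.04.14 | released |
| python3.10 | noble | | dne |
| python3.10 | plucky | | dne |
| python3.10 | questing | | dne |
| python3.10 | resolute | | dne |
| python3.11 | jammy | Fixed 3.11.0~rc1-1~22.04.1~esm8 | released |
| python3.11 | noble | | dne |
| python3.11 | plucky | | dne |
| python3.11 | questing | | dne |
| python3.11 | resolute | | dne |
| python3.12 | jammy | | dne |
| python3.12 | noble | Fixed 3.12.3-1ubuntu0.11 | released |
| python3.12 | plucky | | dne |
| python3.12 | questing | | dne |
| python3.12 | resolute | | dne |
| python3.13 | jammy | | dne |
| python3.13 | noble | | dne |
| python3.13 | plucky | | ignored |
| python3.13 | questing | Fixed 3.13.7-1ubuntu0.3 | released |
| python3.13 | resolute | | dne |
| python3.14 | jammy | | dne |
| python3.14 | noble | | dne |
| python3.14 | plucky | | dne |
| python3.14 | questing | Fixed 3.14.0-1ubuntu0.2 | released |
| python3.14 | resolute | | not-affected |
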
openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| libpython3_10-1_0 | suse enterprise server 15 SP4 | 3.10.20-150400.4.102.1 | fixed |
| libpython3_11-1_0 | suse enterprise desktop 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| libpython3_11-1_0 | suse enterprise sap 15 SP4 | 3.11.15-150400.9.80.1 | fixed |
| libpython3_11-1_0 | suse enterprise sap 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| libpython3_11-1_0 | suse enterprise server 15 SP4 | 3.11.15-150400.9.80.1 | fixed |
| libpython3_11-1_0 | suse enterprise server 15 SP5 | 3.11.15-150400.9.80.1 | fixed |
| libpython3_11-1_0 | suse enterprise server 15 SP6 | 3.11.15-150600.3.53.1 | fixed |
| libpython3_11-1_0 | suse enterprise server 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| libpython3_12-1_0 | suse enterprise server 15 SP6 | 3.12.13-150600.3.48.1 | fixed |
| libpython3_13-1_0 | suse enterprise desktop 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| libpython3_13-1_0 | suse enterprise sap 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| libpython3_13-1_0 | suse enterprise server 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| libpython3_4m1_0 | suse enterprise server 12 SP3 | 3.4.10-25.166.1 | fixed |
| libpython3_6m1_0 | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| libpython3_6m1_0 | suse enterprise sap 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| libpython3_6m1_0 | suse enterprise server 12 SP3 | 3.6.15-6.140.1 | fixed |
| libpython3_6m1_0 | suse enterprise server 15 SP4 | 3.6.15-150300.10.103.1 | fixed |
| libpython3_6m1_0 | suse enterprise server 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| python3 | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| python3 | suse enterprise sap 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| python3 | suse enterprise server 12 SP3 | 3.4.10-25.166.1 | fixed |
| python3 | suse enterprise server 15 SP4 | 3.6.15-150300.10.103.1 | fixed |
| python3 | suse enterprise server 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| python3-base | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| python3-base | suse enterprise sap 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| python3-base | suse enterprise server 12 SP3 | 3.4.10-25.166.1 | fixed |
| python3-base | suse enterprise server 15 SP4 | 3.6.15-150300.10.103.1 | fixed |
| python3-base | suse enterprise server 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| python3-curses | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| python3-curses | suse enterprise sap 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| python3-curses | suse enterprise server 12 SP3 | 3.4.10-25.166.1 | fixed |
| python3-curses | suse enterprise server 15 SP4 | 3.6.15-150300.10.103.1 | fixed |
| python3-curses | suse enterprise server 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| python3-dbm | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| python3-dbm | suse enterprise sap 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| python3-dbm | suse enterprise server 15 SP4 | 3.6.15-150300.10.103.1 | fixed |
| python3-dbm | suse enterprise server 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| python3-devel | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| python3-devel | suse enterprise sap 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| python3-devel | suse enterprise server 15 SP4 | 3.6.15-150300.10.103.1 | fixed |
| python3-devel | suse enterprise server 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| python3-idle | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| python3-idle | suse enterprise sap 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| python3-idle | suse enterprise server 15 SP4 | 3.6.15-150300.10.103.1 | fixed |
| python3-idle | suse enterprise server 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| python3-tk | suse enterprise desktop 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| python3-tk | suse enterprise sap 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| python3-tk | suse enterprise server 15 SP4 | 3.6.15-150300.10.103.1 | fixed |
| python3-tk | suse enterprise server 15 SP7 | 3.6.15-150300.10.103.1 | fixed |
| python3-tools | suse enterprise server 15 SP4 | 3.6.15-150300.10.103.1 | fixed |
| python310 | suse enterprise server 15 SP4 | 3.10.20-150400.4.102.1 | fixed |
| python310-base | suse enterprise server 15 SP4 | 3.10.20-150400.4.102.1 | fixed |
| python310-curses | suse enterprise server 15 SP4 | 3.10.20-150400.4.102.1 | fixed |
| python310-dbm | suse enterprise server 15 SP4 | 3.10.20-150400.4.102.1 | fixed |
| python310-devel | suse enterprise server 15 SP4 | 3.10.20-150400.4.102.1 | fixed |
| python310-idle | suse enterprise server 15 SP4 | 3.10.20-150400.4.102.1 | fixed |
| python310-tk | suse enterprise server 15 SP4 | 3.10.20-150400.4.102.1 | fixed |
| python310-tools | suse enterprise server 15 SP4 | 3.10.20-150400.4.102.1 | fixed |
| python311 | suse enterprise desktop 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python311 | suse enterprise sap 15 SP4 | 3.11.15-150400.9.80.1 | fixed |
| python311 | suse enterprise sap 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python311 | suse enterprise server 15 SP4 | 3.11.15-150400.9.80.1 | fixed |
| python311 | suse enterprise server 15 SP5 | 3.11.15-150400.9.80.1 | fixed |
| python311 | suse enterprise server 15 SP6 | 3.11.15-150600.3.53.1 | fixed |
| python311 | suse enterprise server 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python311-base | suse enterprise desktop 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python311-base | suse enterprise sap 15 SP4 | 3.11.15-150400.9.80.1 | fixed |
| python311-base | suse enterprise sap 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python311-base | suse enterprise server 15 SP4 | 3.11.15-150400.9.80.1 | fixed |
| python311-base | suse enterprise server 15 SP5 | 3.11.15-150400.9.80.1 | fixed |
| python311-base | suse enterprise server 15 SP6 | 3.11.15-150600.3.53.1 | fixed |
| python311-base | suse enterprise server 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python311-curses | suse enterprise desktop 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python311-curses | suse enterprise sap 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python311-curses | suse enterprise server 15 SP4 | 3.11.15-150400.9.80.1 | fixed |
| python311-curses | suse enterprise server 15 SP5 | 3.11.15-150400.9.80.1 | fixed |
| python311-curses | suse enterprise server 15 SP6 | 3.11.15-150600.3.53.1 | fixed |
| python311-curses | suse enterprise server 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python311-dbm | suse enterprise desktop 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python311-dbm | suse enterprise sap 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python311-dbm | suse enterprise server 15 SP4 | 3.11.15-150400.9.80.1 | fixed |
| python311-dbm | suse enterprise server 15 SP5 | 3.11.15-150400.9.80.1 | fixed |
| python311-dbm | suse enterprise server 15 SP6 | 3.11.15-150600.3.53.1 | fixed |
| python311-dbm | suse enterprise server 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python311-devel | suse enterprise desktop 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python311-devel | suse enterprise sap 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python311-devel | suse enterprise server 15 SP4 | 3.11.15-150400.9.80.1 | fixed |
| python311-devel | suse enterprise server 15 SP5 | 3.11.15-150400.9.80.1 | fixed |
| python311-devel | suse enterprise server 15 SP6 | 3.11.15-150600.3.53.1 | fixed |
| python311-devel | suse enterprise server 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python311-doc | suse enterprise server 15 SP4 | 3.11.15-150400.9.80.1 | fixed |
| python311-doc | suse enterprise server 15 SP5 | 3.11.15-150400.9.80.1 | fixed |
| python311-doc-devhelp | suse enterprise server 15 SP4 | 3.11.15-150400.9.80.1 | fixed |
| python311-doc-devhelp | suse enterprise server 15 SP5 | 3.11.15-150400.9.80.1 | fixed |
| python311-idle | suse enterprise desktop 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python311-idle | suse enterprise sap 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python311-idle | suse enterprise server 15 SP4 | 3.11.15-150400.9.80.1 | fixed |
| python311-idle | suse enterprise server 15 SP5 | 3.11.15-150400.9.80.1 | fixed |
| python311-idle | suse enterprise server 15 SP6 | 3.11.15-150600.3.53.1 | fixed |
| python311-idle | suse enterprise server 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python311-tk | suse enterprise desktop 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python311-tk | suse enterprise sap 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python311-tk | suse enterprise server 15 SP4 | 3.11.15-150400.9.80.1 | fixed |
| python311-tk | suse enterprise server 15 SP5 | 3.11.15-150400.9.80.1 | fixed |
| python311-tk | suse enterprise server 15 SP6 | 3.11.15-150600.3.53.1 | fixed |
| python311-tk | suse enterprise server 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python311-tools | suse enterprise desktop 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python311-tools | suse enterprise sap 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python311-tools | suse enterprise server 15 SP4 | 3.11.15-150400.9.80.1 | fixed |
| python311-tools | suse enterprise server 15 SP5 | 3.11.15-150400.9.80.1 | fixed |
| python311-tools | suse enterprise server 15 SP6 | 3.11.15-150600.3.53.1 | fixed |
| python311-tools | suse enterprise server 15 SP7 | 3.11.15-150600.3.53.1 | fixed |
| python312 | suse enterprise server 15 SP6 | 3.12.13-150600.3.48.1 | fixed |
| python312-base | suse enterprise server 15 SP6 | 3.12.13-150600.3.48.1 | fixed |
| python312-curses | suse enterprise server 15 SP6 | 3.12.13-150600.3.48.1 | fixed |
| python312-dbm | suse enterprise server 15 SP6 | 3.12.13-150600.3.48.1 | fixed |
| python312-devel | suse enterprise server 15 SP6 | 3.12.13-150600.3.48.1 | fixed |
| python312-idle | suse enterprise server 15 SP6 | 3.12.13-150600.3.48.1 | fixed |
| python312-tk | suse enterprise server 15 SP6 | 3.12.13-150600.3.48.1 | fixed |
| python312-tools | suse enterprise server 15 SP6 | 3.12.13-150600.3.48.1 | fixed |
| python313 | suse enterprise desktop 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python313 | suse enterprise sap 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python313 | suse enterprise server 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python313-base | suse enterprise desktop 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python313-base | suse enterprise sap 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python313-base | suse enterprise server 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python313-curses | suse enterprise desktop 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python313-curses | suse enterprise sap 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python313-curses | suse enterprise server 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python313-dbm | suse enterprise desktop 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python313-dbm | suse enterprise sap 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python313-dbm | suse enterprise server 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python313-devel | suse enterprise desktop 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python313-devel | suse enterprise sap 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python313-devel | suse enterprise server 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python313-idle | suse enterprise desktop 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python313-idle | suse enterprise sap 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python313-idle | suse enterprise server 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python313-tk | suse enterprise desktop 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python313-tk | suse enterprise sap 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python313-tk | suse enterprise server 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python313-tools | suse enterprise desktop 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python313-tools | suse enterprise sap 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python313-tools | suse enterprise server 15 SP7 | 3.13.11-150700.4.36.1 | fixed |
| python36 | suse enterprise server 12 SP3 | 3.6.15-6.140.1 | fixed |
| python36-base | suse enterprise server 12 SP3 | 3.6.15-6.140.1 | fixed |
| python36-curses | suse enterprise server 12 SP3 | 3.6.15-6.140.1 | fixed |
| python36-dbm | suse enterprise server 12 SP3 | 3.6.15-6.140.1 | fixed |
| python36-devel | suse enterprise server 12 SP3 | 3.6.15-6.140.1 | fixed |
| python36-idle | suse enterprise server 12 SP3 | 3.6.15-6.140.1 | fixed |
| python36-testsuite | suse enterprise server 12 SP3 | 3.6.15-6.140.1 | fixed |
| python36-tk | suse enterprise server 12 SP3 | 3.6.15-6.140.1 | fixed |
| python36-tools | suse enterprise server 12 SP3 | 3.6.15-6.140.1 | fixed |

Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| python3.12 | RHEL 8 | 0:3.12.13-2.el8_10 | fixed |
| python3.12 | RHEL 9 | 0:3.12.13-2.el9_8 | fixed |
| python3.12-debug | RHEL 8 | 0:3.12.13-2.el8_10 | fixed |
| python3.12-debug | RHEL 9 | 0:3.12.13-2.el9_8 | fixed |
| python3.12-devel | RHEL 8 | 0:3.12.13-2.el8_10 | fixed |
| python3.12-devel | RHEL 9 | 0:3.12.13-2.el9_8 | fixed |
| python3.12-idle | RHEL 8 | 0:3.12.13-2.el8_10 | fixed |
| python3.12-idle | RHEL 9 | 0:3.12.13-2.el9_8 | fixed |
| python3.12-libs | RHEL 8 | 0:3.12.13-2.el8_10 | fixed |
| python3.12-libs | RHEL 9 | 0:3.12.13-2.el9_8 | fixed |
| python3.12-rpm-macros | RHEL 8 | 0:3.12.13-2.el8_10 | fixed |
| python3.12-test | RHEL 8 | 0:3.12.13-2.el8_10 | fixed |
| python3.12-test | RHEL 9 | 0:3.12.13-2.el9_8 | fixed |
| python3.12-tkinter | RHEL 8 | 0:3.12.13-2.el8_10 | fixed |
| python3.12-tkinter | RHEL 9 | 0:3.12.13-2.el9_8 | fixed |