CVE-2025-13837

Low CVSS: 2.1

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues

Vendor

Product

CWE

Yayın Tarihi

2025-12-01 18:16:04

Güncelleme

2026-03-03 15:16:14

Source Identifier

cna@python.org

KEV Date Added

CWE-400 Python LOW Python 2025

https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036 https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70 https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111 https://github.com/python/cpython/issues/119342 https://github.com/python/cpython/pull/119343 https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/

Medium

CVE-2026-25645

Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a…

High

CVE-2026-32274

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is comp…

High

CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action suppo…

High

CVE-2026-25990

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a…

Medium

CVE-2025-12781

When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the…

High

CVE-2026-21441

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HT…