DEBIAN-CVE-2025-13837

Advisory lineage Upstream: 1 Downstream: 1
Upstream
CVE-2025-13837
Downstream
DLA-4445-1
Published: 01 Dec 2025, 18:16
Last modified:16 May 2026, 14:03

Vulnerability Summary

Overall Risk (default)
low
22/100
CVSS Score
5.5 MEDIUM
3.1 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

01 Dec 2025, 18:16
Published
Vulnerability first disclosed
16 May 2026, 14:03
Last Modified
Vulnerability information updated

Description

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues

CVSS Metrics

  • v3.1MEDIUMScore: 5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Systems

  • debianpypy3

    all | all | all | all | < 7.3.21+dfsg-1

  • debianpython3.11

    all | < 3.11.2-6+deb12u7

  • debianpython3.13

    all | < 3.13.5-2+deb13u1 | < 3.13.11-1

  • debianpython3.14

    < 3.14.2-1

  • debianpython3.9

    < 3.9.2-1+deb11u4

References (1)