DEBIAN-CVE-2025-13837 — Vulnetix

DEBIAN-CVE-2025-13837 PUBLISHED CVSS 5.5 MEDIUM

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:12	python3.11	*, 3.11.2-6+deb12u1, 3.11.2-6+deb12u2
Debian:13	pypy3	7.3.19+dfsg-2, 7.3.22+dfsg, 7.3.21+dfsg
Debian:14	pypy3	7.3.20+dfsg, 7.3.20+dfsg, 7.3.20+dfsg
Debian:14	python3.14	3.14.0~b4-1, 3.14.0~b3-1, 3.14.0~b2-1
Debian:12	pypy3	7.3.14+dfsg-1, 0, 7.3.11+dfsg-2+deb12u1
Debian:11	pypy3	7.3.10+dfsg, 7.3.8+dfsg, 7.3.8
Debian:13	python3.13	3.13.8-1, 3.13.9-1, 3.13.5-2
Debian:11	python3.9	0, 3.9.2-1, 3.9.2-1+deb11u2
Debian:14	python3.13	3.13.7-1, 3.13.9-1, 3.13.8-1

Timeline

Dec 1, 2025 CVE Published
May 16, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-13837 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›