Unrated severity · NVD Advisory · Published Dec 1, 2025 · Updated Mar 3, 2026
Out-of-memory when loading Plist
CVE-2025-13837
Description
When loading a plist file, the plistlib module reads data in the size specified by the file itself, meaning a malicious file can cause out-of-memory (OOM) and denial-of-service (DoS) issues.
Affected products
References (9)
- github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036 (mitre, patch)
- github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b (mitre, patch)
- github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70 (mitre, patch)
- github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba (mitre, patch)
- github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb (mitre, patch)
- github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111 (mitre, patch)
- github.com/python/cpython/pull/119343 (mitre, patch)
- mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/ (mitre, vendor-advisory)
- github.com/python/cpython/issues/119342 (mitre, issue-tracking)