Memory Allocation with Excessive Size Value

CVE-2025-13837

Low

2.1/10

Summary

In versions prior to 3.13.10, 3.14.x prior to 3.14.1, 3.15.0a1 and 3.15.0a2, when loading a "plist" file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause Out of Memory (OOM) and Denial-of-Service (DoS) issues.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-789 - Memory Allocation with Excessive Size Value

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

References

Advisory
Mail Thread
Pull request

Advisory Timeline

Published Dec 01, 2025

Memory Allocation with Excessive Size Value

CVE-2025-13837

Summary

CWE-789 - Memory Allocation with Excessive Size Value

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS